[CentOS] user management solution needed

Craig White craigwhite at azapple.com
Wed Nov 4 22:16:13 UTC 2009

On Wed, 2009-11-04 at 17:01 -0500, Brian Mathis wrote:

> In my extremely limited experience with LDAP, it seem that the problem
> is not "LDAP" itself, but how to structure it.  Most howtos walk you
> through installing whatever software, and then say "OK, now you have
> LDAP!"
> The problem is that LDAP is useless without a structure and data
> inside of it.  You are usually left with a blank canvas after the
> install is complete.  It's a very daunting task to start sticking
> things in there without any guidance on the best way to structure it,
> especially since this is supposed you be the be-all end-all directory
> of everything and anything you do wrong now you need to live with for
> your entire life.
> One argument is that everyone has different requirements, but there's
> got to be some kind of reasonable default that could be used for
> setting up something like distributed password auth.  As you mention,
> Active Directory does this, and maybe a structure like that is a
> reasonable default to recommend/include for people who don't need to
> fully architect a directory structure for a global company.
The structure is simple if you understand LDAP and horrifically
confusing if you don't understand LDAP.

If you use CentOS-DS or Fedora-DS, they are opinionated enough upon
initial setup to give you a predefined structure so I am not sure where
the problem lies except that you still don't understand LDAP so it is of
little use.

>From it's conception, LDAP was not designed to do user authentication.
It happens to work and it can work well and each office/network has its
own requirements. I myself have done things differently most times I
have set it up for a company...no big deal except that I had to learn
how it worked. It's amazing the amount of justification that people can
come up with for not learning how technology works.


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the CentOS mailing list