[CentOS] user management solution needed

Les Mikesell lesmikesell at gmail.com
Wed Nov 4 23:25:05 UTC 2009

Craig White wrote:
>>> I suppose I don't understand what you are saying. Are you saying that
>>> some of the LDAP servers are not compliant with RFC's for LDAP? Which
>>> ones? how?
>> No, I'm saying that there should have been standardized schemas eons ago 
>> for the things that everyone needs to store and all implementations 
>> should interoperate at that level.
> ----
> Why? Because Les says so?

Well, if you prefer to wait for Microsoft to dictate a standard...

> LDAP is not one configuration fits all...everyone has their way of doing
> things from SunDS to Fedora-DS to SuSE/eDirectory to Microsoft. Deal
> with it.

Sure, vendor lock-in exists.  But that's why we need standards.  It 
isn't any better for people to make up different stuff in LDAP schemas 
than it is HTML tags.

> Your argument ignores the fact that LDAP exists not to provide
> authentication but to provide directory services. It is entirely
> possible if not logical to use LDAP and not provide user authentication.

Sure, and you can make up new stuff in HTML if your goal is to prevent 
interoperability.   And that's been done too.

>>> As for people not wanting to understand LDAP, that's their choice and I
>>> wish them luck. If you want a pre-configured LDAP that's always the same
>>> for every installation, check out Active Directory. It doesn't get any
>>> easier to implement LDAP on Active Directory if you don't understand it.
>> Can you ship something pre-configured to work with Active Directory? 
>> Why should more than one person have to 'implement' it?  If it works in 
>> one place, won't the same implementation work elsewhere?
> ----
> system-config-authentication - that's a tool you can use to configure
> any computer to use AD or LDAP or whatever authentication service you
> choose. Macintosh has a similar tool for configuration.

I don't want 'whatever' service, I want an interoperable service.  If I 
say LDAP there, where's the matching server?

> It's only a problem for people that don't want to understand LDAP.
> Always the same arguments from the same people that want to use LDAP and
> never understand anything about it.

If you have to understand it, then it isn't ready to use.  XML has the 
same problem if you want to use it for anything.  That's why people use 
HTML where a standards body took something from being a toolbox with 
potential and made it useful.  I can use HTML between two more or less 
arbitrary client and programs and have mostly predictable results. Why 
can't that be the case for LDAP?

   Les Mikesell
    lesmikesell at gmail.com

More information about the CentOS mailing list