> In my extremely limited experience with LDAP, it seems that the problem
> is not "LDAP" itself, but how to structure it. Most howtos walk you
> through installing whatever software, and then say "OK, now you have
> LDAP!"

Agreed.

> The problem is that LDAP is useless without a structure and data
> inside of it. You are usually left with a blank canvas after the
> install is complete. It's a very daunting task to start sticking
> things in there without any guidance on the best way to structure it,
> especially since this is supposed to be the be-all end-all directory
> of everything and anything you do wrong now you need to live with for
> your entire life.

Yes, this is a problem if you have a very large organization with LDAP needs that go beyond the simple authentication and phone/email stores. My needs are relatively minor though. I need central authentication for anywhere from 10 to 100 servers and the ability to control logins and monitor logins from one location. Using RedHat/FedoraDS in close to the default configuration works wonderfully for these environments.

> One argument is that everyone has different requirements, but there's
> got to be some kind of reasonable default that could be used for
> setting up something like distributed password auth. As you mention,
> Active Directory does this, and maybe a structure like that is a
> reasonable default to recommend/include for people who don't need to
> fully architect a directory structure for a global company.

Please do take a look at the RedHat DS offering (now the 389 project). It's *extremely* simple to configure as an authentication server with replication. You can configure the server/replication in under an hour.