[CentOS] user management solution needed

Wed Nov 4 22:30:57 UTC 2009
Craig White <craigwhite at azapple.com>

On Wed, 2009-11-04 at 16:15 -0600, Les Mikesell wrote:
> Craig White wrote:
> 
> >>> At that point, using OpenLDAP or CentOS-DS or Fedora-DS is more or less
> >>> a matter of implementation details and utility. None of them are better
> >>> than the other for most purposes and even things like the consoles in
> >>> Fedora-DS aren't going to make it any easier for you to use LDAP if you
> >>> don't understand how it works. In short, there really aren't decent
> >>> shortcuts to using LDAP if you don't care to actually understand how and
> >>> why it works.
> >> I think the standards bodies have failed us badly on this front. People
> >> don't want to understand LDAP any more than they want to understand the
> >> bits in a TCP packet header. They just want systems to interoperate.
> > ----
> > I suppose I don't understand what you are saying. Are you saying that
> > some of the LDAP servers are not compliant with RFCs for LDAP? Which
> > ones? How?
> 
> No, I'm saying that there should have been standardized schemas eons ago 
> for the things that everyone needs to store and all implementations 
> should interoperate at that level.
----
Why? Because Les says so?

LDAP is not one configuration fits all...everyone has their way of doing
things from SunDS to Fedora-DS to SuSE/eDirectory to Microsoft. Deal
with it.

Your argument ignores the fact that LDAP exists not to provide
authentication but to provide directory services. It is entirely
possible if not logical to use LDAP and not provide user authentication.
----
> 
> > As for people not wanting to understand LDAP, that's their choice and I
> > wish them luck. If you want a pre-configured LDAP that's always the same
> > for every installation, check out Active Directory. It doesn't get any
> > easier to implement LDAP on Active Directory if you don't understand it.
> 
> Can you ship something pre-configured to work with Active Directory? 
> Why should more than one person have to 'implement' it?  If it works in 
> one place, won't the same implementation work elsewhere?
----
system-config-authentication - that's a tool you can use to configure
any computer to use AD or LDAP or whatever authentication service you
choose. Macintosh has a similar tool for configuration.

It's only a problem for people that don't want to understand LDAP.
Always the same arguments from the same people that want to use LDAP and
never understand anything about it.

Craig

