
Re: Openldap version (proxy cache)



Sorry to add noise. Howard's replies are sufficient, but my 2c FWIW...

Owen DeLong wrote:
> OpenLDAP is, in most situations, useless without at least one of the other packages you mention above (nss_ldap, Kerberos, mod_auth_ldap, pam_ldap, etc.)

-1. It may not serve the role you want, but it is far from useless as a directory service.


> All of these packages have dependency relationships one way or the other, yet, none of them seem to be interested in helping users make them talk to each other. That's sad and it reduces the usefulness of all of the projects.

I think it's perfectly appropriate, because LDAP can integrate with hundreds if not thousands of tools and I don't personally have an interest in reading about all of them here. OTOH, I would expect to read about them on a list about LDAP interoperability:


http://lists.fini.net/mailman/listinfo/ldap-interop

> What is missing is a HowTo guide that shows a basic common solution that can be used by 90+% of the userbase

IMHO, you can't draw a clean line around what 90% of the OpenLDAP userbase wants to do with the software. Perhaps I'm an extreme example, but I don't happen to use anything you've expressed an interest in.


> some friendlier LDAP browser/editor front ends

The OpenLDAP clients give you the basics, which I think set the boundaries on a very reasonable project scope. There are many more tools and APIs coming from other sources, myself included. The beauty of an open protocol is that they are not specific to a single implementation.


> reasonable prototype ACLs and decent security.

man slapd.access, which is always a work in progress because the capabilities it describes just seem to keep expanding. There's also this:


http://www.openldap.org/faq/data/cache/189.html

and for security there are chapters 9, 10, and 11 of the admin guide.

> Frankly, this list is probably the best kept secret in OpenLDAP support.

Wow, google is sneakier than I thought ;) I think the best kept secret is why a population of crybabies like us can get so much free support at all. Just saying.


> OpenLDAP is one of the most difficult, confusing, poorly documented (this applies to LDAP in general, actually), and generally cryptic open source packages I've ever dealt with.

Obviously you've never worked with the Tomcat Jk connectors :) LDAP itself is actually pretty comprehensively documented, but you need to speak RFC and actually read about 30 pages of them.


> I'm working on a cookbook for building a basic LDAP Authentication configuration on Fedora. When I get it finished, I'll pass it along.

i.e. part of the solution. Great. Honestly, I'd guess the Fedora community would be *more* interested.


> from my perspective as an end user, until I found this list, openLDAP was like an elite private club as far as I could tell.

I instantly feel special ;)

Jon Roberts
www.mentata.com
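For readers who came looking for the "reasonable prototype ACLs" the thread mentions, here is an added example of a minimal slapd.conf access-control block in the syntax that slapd.access(5) documents. It is not from the original message or from the OpenLDAP project; the suffix dc=example,dc=com and the admin group DN are assumptions chosen for illustration.

```conf
# Added example (not from the original thread). Assumed suffix and group DN.
#
# slapd evaluates "access to" directives in order and uses the first one
# whose <what> matches the entry/attribute being accessed; inside it, the
# "by" clauses are tried in order and the first matching <who> decides.
# Order therefore matters: put the narrowest rules first.

# Passwords: owners may change theirs, anonymous may only bind against
# them ("auth"), nobody else may read them (so hashes never leak via search).
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Keep shadow/account-lock attributes out of ordinary users' hands too.
access to attrs=shadowLastChange,shadowExpire,pwdAccountLockedTime
    by self write
    by group.exact="cn=admins,ou=groups,dc=example,dc=com" write
    by * none

# Everything else under the suffix: a named admin group may write,
# authenticated users may read, anonymous gets nothing.
access to dn.subtree="dc=example,dc=com"
    by group.exact="cn=admins,ou=groups,dc=example,dc=com" write
    by users read
    by * none

# Catch-all so that nothing outside the suffix falls back to the implicit
# default (with no matching access directive slapd allows "by * read").
access to *
    by * none
```

Two caveats a practitioner should keep in mind: the rootdn is exempt from these rules entirely, so it should be used only for administration and never as an application bind account; and "by anonymous auth" on userPassword is what lets clients bind without exposing the stored hash, whereas granting "read" there would let any anonymous search pull the hashes out for offline cracking.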