RE: Authentication Methods for LDAP - last call

[Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>]

Agree with John - specifically the Good Grief part.

I also think that those who pronounce that 200,000 users on 1 LDAP
server should get a bit of reality into their argument. Does anyone on
this list that:
a) a 200,000 staff company running a commercial business will use 1 LDAP
server - that size of organisation will be distributed around - will
require redundant backups and will require connectivity to other
organisation's (trading partner) directory systems.

b) this company wants to have a server system say 5 or 6 of them where
they have to replicate everything in one to everything in another - and
also with their trading partners.
eg. Please buy 5 LDAP servers and then get 5 people to keep them in
sync. 


When discussing the operational limitations of LDAP servers and the need
to hire the LDAP configuration army to run them - and then all the
issues of LDAPs security mess/key management its very easy to convince
commercial organisations to go to X.500 systems.


regards alan
----------
From: John C. Strassner
To: Chris Newman; John C. Strassner
Cc: Steve Kille; ietf-ldapext@netscape.com
Sent: 8/6/98 9:10:28 AM
Subject: Re: Authentication Methods for LDAP - last call

Good grief. The argument set forth by you and some others essentially
says
don't worry about mass deployments, or the Internet, or real businesses
that have more than ONE server, use a (by your own admission) weak
security
mechanism (CRM-MD5) because it is simpler to implement and better than
passing clear text. This is bordering on the absurd. You will never
convince me, Steve, Paul, and others that work on distributed systems of
this argument.

Snip.


regards alan