[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Greatest Value -- Thank you!

I don't mean to offend anyone, but before you dismiss that "sales pitch" I'd
like to point out one thing: none of the other suggested solutions actually
guarantees a valid result. The only way to guarantee a valid result is to
a server directly on top of the user database (e.g. /etc/passwd) which is
what Connexitor does. We use the native platform's locking conventions, to
sure that no interference/corruption can occur from commandline sysadmins.
you do an LDAP search on our tree, you see absolute truth: you see your list
users, exactly as the native system's security mechanisms see them. Any
approach of "replicating" Unix account info into traditional/static LDAP
directories is guaranteed to be out of sync with reality. Even worse,
there's no reliable
change detection mechanism when you go that route, so you have no efficient
of reflecting updates from the real world into your LDAP directory data.
our UnixAuth agent, your LDAP-fronted user list never goes out of sync
because it
is exactly the contents of your actual security database. And so, when you
LDAP Add to create a user object thru our agent, and you opt for a UID to be
automatically assigned, it is guaranteed to be unique and valid. No one else
offer you this certainty.

Again, I don't mean to offend anyone, I just wanted to set the record
If anyone would like to discuss this further, please continue in private
I don't wish to clutter the mailing list.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Matthew
> Hoskins
> Sent: Friday, November 24, 2000 6:45 AM
> To: openldap-software@OpenLDAP.org
> Subject: Greatest Value -- Thank you!
> I would just like to say that I am thoroughly impressed with the
> response to
> my question.  All of the ideas (with the exception of the sales pitch one
> person emailed me) are very good.  I now have many options to
> explore and it
> would not be possible without the help of this list.  Thanks again!
> Matthew Hoskins -- Cisco Certified Network Associate
> Ponyexpress.net / MagicCablePC / NPGCO
> Systems Administrator