RE: Greatest Value -- Thank you!



I don't mean to offend anyone, but before you dismiss that "sales pitch" I'd
like to point out one thing: none of the other suggested solutions actually
guarantees a valid result. The only way to guarantee a valid result is to put
a server directly on top of the user database (e.g. /etc/passwd) which is
exactly what Connexitor does. We use the native platform's locking
conventions, to make sure that no interference/corruption can occur from
commandline sysadmins. When you do an LDAP search on our tree, you see
absolute truth: you see your list of users, exactly as the native system's
security mechanisms see them. Any other approach of "replicating" Unix
account info into traditional/static LDAP directories is guaranteed to be out
of sync with reality. Even worse, there's no reliable change detection
mechanism when you go that route, so you have no efficient way of reflecting
updates from the real world into your LDAP directory data. Using our UnixAuth
agent, your LDAP-fronted user list never goes out of sync because it is
exactly the contents of your actual security database. And so, when you use
LDAP Add to create a user object thru our agent, and you opt for a UID to be
automatically assigned, it is guaranteed to be unique and valid. No one else
can offer you this certainty.

Again, I don't mean to offend anyone, I just wanted to set the record
straight. If anyone would like to discuss this further, please continue in
private email, I don't wish to clutter the mailing list.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Matthew Hoskins
> Sent: Friday, November 24, 2000 6:45 AM
> To: openldap-software@OpenLDAP.org
> Subject: Greatest Value -- Thank you!
>
>
> I would just like to say that I am thoroughly impressed with the response
> to my question.  All of the ideas (with the exception of the sales pitch
> one person emailed me) are very good.  I now have many options to explore
> and it would not be possible without the help of this list.  Thanks again!
>
> Matthew Hoskins -- Cisco Certified Network Associate
> Ponyexpress.net / MagicCablePC / NPGCO
> Systems Administrator
>