Re: Openldap version (proxy cache)
Sorry to add noise. Howard's replies are sufficient, but my 2c FWIW...
Owen DeLong wrote:

> OpenLDAP is, in most
> situations, useless without at least one of the other packages
> you mention above (nss_ldap, Kerberos, mod_auth_ldap, pam_ldap, etc.)

-1. It may not serve the role you want, but it is far from useless
as a directory service.

> All of these packages have dependency relationships one way or the
> other, yet, none of them seem to be interested in helping users
> make them talk to each other. That's sad and it reduces the
> usefulness of all of the projects.

I think it's perfectly appropriate, because LDAP can integrate with
hundreds if not thousands of tools and I don't personally have an
interest in reading about all of them here. OTOH, I would expect to read
about them on a list about LDAP interoperability:

> What is missing is a HowTo
> guide that shows a basic common solution that can be used by
> 90+% of the userbase

IMHO, you can't draw a clean line around what 90% of the OpenLDAP
userbase wants to do with the software. Perhaps I'm an extreme example,
but I don't happen to use anything you've expressed an interest in.

> some friendlier LDAP browser/editor front ends

The OpenLDAP clients give you the basics, which I think set the
boundaries on a very reasonable project scope. There are many more tools
and APIs coming from other sources, myself included. The beauty of an
open protocol is that they are not specific to a single implementation.

> reasonable prototype ACLs and decent security.

man slapd.access, which is always a work in progress because the
capabilities it describes just seem to keep expanding. There's also this:
and for security there are chapters 9, 10, and 11 of the admin guide.

> Frankly, this list is probably the best kept secret in OpenLDAP support.

Wow, Google is sneakier than I thought ;) I think the best kept secret
is why a population of crybabies like us can get so much free support at
all. Just saying.

> OpenLDAP is one of the most difficult, confusing, poorly documented
> to LDAP in general, actually), and generally cryptic open source
> ever dealt with.

Obviously you've never worked with the Tomcat Jk connectors :) LDAP
itself is actually pretty comprehensively documented, but you need to
speak RFC and actually read about 30 pages of them.

> I'm working on a cookbook for
> building a basic LDAP Authentication configuration on Fedora. When I
> get it finished, I'll pass it along.

i.e. part of the solution. Great. Honestly, I'd guess the Fedora
community would be *more* interested.

> from my perspective
> as an end user, until I found this list, OpenLDAP was like an elite
> private club as far as I could tell.

I instantly feel special ;)