[Date Prev][Date Next]
Re: Silly details like CN= v cn=
Andrew Bartlett wrote:
On Sun, 2008-01-06 at 17:35 -0800, Howard Chu wrote:
Howard Chu wrote:
It's not just perfectly valid, it is exactly correct. RFC4519 defines the
attribute name to be 'cn' and we always return the canonical name for a given
attribute. As always with Microsoft, AD is a broken abomination.
Of course, the point remains that attribute names are case-insensitive, and
any user doing a case-sensitive compare on the attribute names is begging for
I know we've had this conversation before, but I think it bears repeating -
you don't always need to be bug-for-bug compatible with Microsoft.
Perhaps it's my history with this area, or working in for appliance
vendors in the past, but I've never quite had the luxuary of being able
to say 'our users will understand, we are doing it right'.
Your users are probably the Most Likely to understand, of any user base.
Anyone installing Samba is already strongly motivated to get away from
Microsoft, I don't think anyone could be more understanding.
Of course things will be different, and the network interfaces won't
quite match up, but the lesson the team has had so often is until your
tests prove you are byte-for-byte idential, something will break...
Sure, that's understandable, especially for a closed protocol whose only
specification is its implementation. (Does anyone believe that the docs
Microsoft has licensed actually describe the code they've delivered?)
So weigh that into your bug-for-bug-compatibility considerations - over time,
Samba+OpenLDAP will be the #1 directory deployed in Windows environments, just
as it already is in Unix/Linux environments. As long as neither one of us
badly screws up the code bases it is inevitable. So some places where you bend
over backwards to accommodate Microsoft's flagrant disregard of open standards
won't be so important down the road, because we are the de jure standard and
will be the de facto standard.
In the meantime, I have to hope we can produce something that can get us
into the position. How do we slip into an IT department that already
has it's scripts, processes and stubbornly, poorly written software,
without breaking the lot?
80/20 rule... 20% will break, regardless of your best efforts. Get over it,
move on. If you aim for 100% compatibility you're going to have to insert
delay loops everywhere, and you know what response that suggestion is going to
That all said - I understand your perspective; we won't actively try to make
your job harder, and we will try to help make it easier where we can.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/