
Re: LDAP control for multiple domains



> What benefit does o=*,c=*, offer?

	Thanks for your reply.

	I had never proponed o=*,c=*.  My only observation was that in
supporting multiple domains within my own LDAP server (using the LDAP
server for authentication, mostly), splitting all domain names into their
dc components was less convenient than keeping the entries whole.

> SRV records are "Service" records.  They provide via DNS (universally
> supported) a way for clients to locate IMAP, LDAP, POP, SMTP, Kerberos,
> services appropriate to them.

	This is very interesting.  If you have any references (RFCs, URLs,
book titles, product names) I would greatly appreciate it.

	In a recent project I spent a great deal of time setting up
systems that constantly test the network, and take corrective action when
problems are discovered.  Would that fall under the "Zero Administration
Network" title?  Or does it apply only to automatic configuration of new
clients?  How does it relate to security updates and test-group rollouts?
(I'm not expecting answers, just looking for references -- I have
previously only heard the term "Zero Administration Network" as a
marketing term, like "Faster Internet" or "100% Secure".)


> If those applications use LDAP for their operation, how much effort did
> you expend configuring the client?

	Not much, really.  As I've said three times now, my client apps
work fine with whatever schema I choose to implement.  It's just that
having to massage every search for "foo.com" by first splitting it into
"dc=foo, dc=com" is something of an annoyance that sometimes adds a
considerable amount of complexity to the configuration.

	So I can now qualify my initial observation: splitting up *all*
entries which happen to be domain names seems rather purposeless.  I had
made the mistake at the outset of splitting all of my entries (which
happened to be domain names) into their dc components -- which was
counterproductive to solving my problem.  It does not seem to me that RFC
2247 is recommending that practice anyhow, so my mistake was extending the
dc=foo, dc=com examples I read about to every domain entry in my database.

	All of the replies are very much appreciated, thanks again.


--Derek
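
The "massaging" step described in the message above, as an added example that is not part of the original post: a domain name is validated and then turned either into an RFC 2247 style DN (one dc= RDN per label) or into a single whole-name equality filter. The function names and the `associatedDomain` attribute are assumptions; the post does not say which attribute held the whole domain name.

```python
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen; 1-63 chars.
# Restricting input to this alphabet means no DN or filter metacharacter
# (',', '=', '+', '(', ')', '*', '\\') can reach the directory query.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def split_labels(domain: str) -> list[str]:
    """Validate a domain name and return its lower-cased labels."""
    name = domain.strip().lower()
    if name.endswith("."):          # accept one trailing root dot
        name = name[:-1]
    if not name or len(name) > 253:
        raise ValueError("empty or over-long domain name")
    labels = name.split(".")
    for label in labels:
        if not _LABEL.fullmatch(label):
            raise ValueError(f"invalid DNS label: {label!r}")
    return labels


def domain_to_dc_dn(domain: str) -> str:
    """RFC 2247 style: one dc= RDN per label, most specific label first.
    'dc=foo,dc=com' and 'dc=foo, dc=com' name the same entry."""
    return ",".join(f"dc={label}" for label in split_labels(domain))


def domain_to_whole_filter(domain: str, attr: str = "associatedDomain") -> str:
    """Whole-entry style: one equality filter on the full name.
    The attribute name is an assumption made for this example."""
    return f"({attr}={'.'.join(split_labels(domain))})"


if __name__ == "__main__":
    # Constructed sample inputs, including two that try to smuggle in
    # extra DN components or filter terms.
    for sample in ["foo.com", "Mail.Foo.COM.", "foo.com,dc=other", "foo.com)(uid=*"]:
        try:
            print(sample, "->", domain_to_dc_dn(sample), domain_to_whole_filter(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```
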