
Re: LDAPv3 a nightmare



Quoting Eric G Ortego <eric@tonychachere.com>:

> Howard Chu wrote:
> 
> > Yes, only one password repository is needed.
> 
> That is definitely what I wanted to hear.

Do remember that LDAP is _NOT_ (can't stress that enough!) designed
to be 'secure' (that is, to store 'very secret information'). Kerberos
is.

So you will lose security if going this route...

> >In fact only one database is
> > needed;
> 
> good too.

That can't be argued. It's always a matter of weighing comfort with security...
_I_ choose to think that security is more important than comfort, but that's
just me.

It IS possible to get 'reasonable security' when setting up LDAP. That requires
quite some knowledge though. But it will NEVER be as secure as having two
databases...

And when it comes to comfort, that's just a one-time thing. Write your scripts
correctly (I'm using http://www.bayour.com/scripts/ldapadduser.sh), and you can
have BOTH comfort AND security...