>The flip side is that other vendors *are* providing these extensions and this, in turn, might affect the decision for some users to use something other than OpenLDAP. This >is bad for us all! An area that is similar to this, from my perspective, is transaction/rollback support. Similar tradeoffs WRT the application developer, IMHO.
I'm worried about this "others are doing it", but for a different reason: It would be unpleasant for me to find out that some commercial application that I need to couple with OpenLDAP backend actually requires SSS.
I know that applications are supposed to use these vendor-specific extensions if and only if the server supports them, but I'm also quite sure that most of the commercial developers are happy to roll out a product that works with a cople of most important commercial products. As you say, some of these extensions (SSS, ACID) are really tempting... :-(