
Re: LDAP authentication against PAM how-to



> But we know there are problems with this approach. First, using the
> google hunt-and-peck method does very little to give one a coherent
> picture of the workings of OpenLDAP. Second, we all know that there is
> an abundance of BAD information about OpenLDAP out there (owing, in
> part, to the fact that the vast majority of OpenLDAP installations are
> still on version 2.2, thanks to the reluctance of several mainstream
> Linux distributions).
> Emmanuel's point is worth noting: it is very difficult to learn the
> OpenLDAP jargon, and the official documentation (the admin guide plus
> the FAQ, plus the man pages) quite simply don't cut it. They are
> steeped through and through with LDAP technical jargon (often used
> inconsistently, like "slave," "shadow," "replica," and "subordinate"
> all referring to the server receiving replication by SLURPD or
> SyncRepl).

Sorry, but this is rubbish.  Is the Samba documentation expected to
explain how Windows works or serve as an introduction to SMB/CIFS
networking?  Half the terms above are generic LDAP terms; if someone
wants to use LDAP then start with reading up on *LDAP*.  Seems
reasonable to become familiar with a technology before moving on to a
specific implementation.  If you think this applies only to OpenLDAP pop
over to the Samba, Sendmail, Cyrus, etc... lists for people asking
questions that are really about CIFS, SMTP, IMAP, etc...

> My opinion may be in the minority here, but I don't think that a
> prerequisite to running OpenLDAP ought to be the thorough and careful
> reading of the whole bundle of LDAP RFCs. 

It isn't.  There is *LOTS* and *LOTS* and *LOTS* of well cooked LDAP
documentation - see Amazon.  
http://www.amazon.com/gp/reader/0672323168/ref=sib_dp_pt/105-2231389-9349228#reader-link

Asking the OpenLDAP project to re-document LDAP is unreasonable.  Or
SASL for that matter.   

Now, I'll agree 100% that SASL documentation is seriously wanting, but
that doesn't have much to do with OpenLDAP.  I've been using OpenLDAP +
SASL and SASL with other services for years and I still find SASL
frustrating.

> Besides, Emmanuel did his best in attempting to actually remedy the
> situation by providing some information in an organized form. He
> didn't get it all right, but instead of getting helpful feedback, he
> is getting flamed! Most of his questions go unanswered, though he's
> getting "RTFM" comments and the like.
> Starting with the first response, little positive information was
> given (aside from "that's deprecated"). 

"deprecated" seems pretty clear to me - don't use it.
