On Thu, 2005-03-24 at 08:06, Craig White wrote:
> > If you think people will have trouble making a standard tool work
> > when it comes with working defaults, consider how much harder it
> > becomes when you have to build your own tool from parts and it
> > ends up being one of a kind. There is quite a bit of talk on
> > the k12ltsp list about this as they are trying to settle on a
> > scripted approach to building a working LDAP configuration. It
> > just doesn't make sense for every user to have to do that himself.
> ----
> OK let me get this straight...
>
> SLES has its own method for turnkey LDAP
> Samba is doing their own
> K12LTSP is doing their own
> and Paul is asking why Fedora / Red Hat isn't doing their own

Yes, you have it straight. Red Hat, the most popular distribution, or
so they would like to claim, does not provide a standard solution so
everyone else is forced to make up their own, resulting in versions
that aren't likely to interoperate. It makes about as much sense as
making every user hand code their own sendmail.cf following their own
interpretation of the RFCs.

> and we know that Red Hat purchased the Netscape Directory
>
> and in the end, we will end up with a lot of different 'standard'
> implementations of LDAP that work with one specific setup
>
> Doesn't exactly simplify things for users

Who, other than Red Hat, is in a position to fix this?

> Considering all of the things that such a system would entail - openssl,
> cyrus-sasl, kerberos, samba, pam, generating certificates, and on and
> on, thinking that someone is going to provide a turnkey solution for
> LDAP is rather myopic...

The more complicated it is, the more critical it is to supply a
standard solution and let everyone share the problem solving as they
do with the other programs included in the distribution.

> it's only going to entail solutions for the
> specific needs of a particular set of circumstances and in essence,
> become a limiting technology when LDAP is purposely designed to be an
> enabling technology.

That argument might apply to the Linux kernel and its associated
drivers that have to specifically address the user's particular
hardware. I don't see how it applies to shipping a server that will
answer the queries of the clients shipped in the same distribution.

> Of course the price of admission to this technology
> has always been knowledge...these really are only efforts to circumvent
> the need to understand how to set it up and how it works.

Good defaults are what makes things work. I don't know how to write a
device driver and I'm happy that I don't need to. I wish it were the
same for LDAP.

> Not sure how the topic of Windows viruses has transformed into an LDAP
> discussion...

I've forgotten where the discussion went, but having a working LDAP
server where you 'just add users' for the network would go a long way
toward making it easy to replace virus-ridden boxes with thin clients
or other Linux solutions.

--
Les Mikesell
les@xxxxxxxxxxxxxxxx