On Fri, 2005-03-25 at 00:19 -0600, Les Mikesell wrote:
> On Thu, 2005-03-24 at 23:02, Craig White wrote:
> > learn how to use the tools that are
> > provided...ldapmodify/ldapadd/ldapsearch. Once you get that, you got it
> > made.
>
> Those are all simple enough other than the bizarre syntax for searching,
> but it doesn't tell me what the clients are going to request or why
> my clients might be different from yours. Or why it would hurt to
> include the things your clients use too, even if I don't run the
> same ones yet.
>
----
I'm sort of through with this topic since you ask all these questions
without taking the time to understand the technology - but are focused
in on what you think you want and what you think that you know.

There isn't a bizarre syntax for searching...there is only the syntax.
In the way that computer languages look bizarre until I learn them, then
I guess this is bizarre.

And yes, it does tell you why what the 'clients' are going to request
but I suppose you would have to understand the technology to understand
the technology.

How does someone tell Postfix which filters to use if they can't run a
search from the command line? How does someone search the logs to see
why a login failed if /var/log/secure or /var/log/messages don't say
failed authentication?

If I am setting DSA up to be a Samba domain controller, that changes my
DSA substantially from those instances where I don't. Samba has this
need to find 'Computers' as people and I don't want 'Computers' in with
my 'People'. Windows has an entirely different concept of Groups, where
one group can contain another group (aka nested groups) but Posix
doesn't have a clue what that is about. Windows has 'domain' groups and
'local' groups but Posix has only 'local' groups. So the answer to your
question about why your setup might be different than mine or one setup
might be different than another should be evident.

Lastly - and it's obvious that I haven't made this point clear but I
will try one last time... LDAP is entirely flexible - it is a database
with teeth. It has been given other tools to make it useful for things
like authentication systems. If some distribution or project comes up
with an LDAP turnkey facility, it will be an entirely limiting, their
concept, their implementation, their vision. You will find it useful
while you have no concept, little understanding of the implementation
and no vision of your own. The only thing that will let you escape from
that concept, that implementation and that vision is to learn the
technology.

Craig