On Fri, 25 Mar 2005 10:57:26 -0700, Craig White <craigwhite@xxxxxxxxxxx> wrote:
> On Fri, 2005-03-25 at 11:36 -0600, Les Mikesell wrote:
> > On Fri, 2005-03-25 at 08:33, Craig White wrote:
> >
> > > I'm sort of through with this topic since you ask all these questions
> > > without taking the time to understand the technology - but are focused
> > > in on what you think you want and what you think that you know.
> >
> > The *how* of the technology isn't the point - I can make a server
> > start and add and search records. The question you haven't
> > answered is *why* anyone would ever want to make their system
> > unique and unworkable with any others, and the related question
> > of why, given one system configured for linux and windows
> > authentication you can't just duplicate that setup for any
> > number of similar networks?
> >
> > > there isn't a bizarre syntax for searching...there is only the syntax.
> > > In the way that computer languages look bizarre until I learn them, then
> > > I guess this is bizarre.
> >
> > OK, it's a religious issue I guess. But I am not interested in
> > inventing any new attributes and searches - I just want something
> > that answers the already-done query that you get if you pick ldap
> > in authconfig and the already-done queries that are included with
> > samba.
> >
> > > and yes, it does tell you why what the 'clients' are going to request
> > > but I suppose you would have to understand the technology to understand
> > > the technology. How does someone tell Postfix which filters to use if
> > > they can't run a search from the command line?
> >
> > How do I tell the kernel what drivers to load when it boots? There
> > is a remarkable amount of technology in the distribution that
> > you don't need to understand to use. If your argument is that
> > LDAP isn't ready for prime time, just say so.
> >
> > > If I am setting DSA up to be a samba domain controller, that changes my
> > > DSA substantially from those instances where I don't. Samba has this
> > > need to find 'Computers' as people and I don't want 'Computers' in with
> > > my 'People'.
> >
> > There are lots of things I don't like to see. If that's what it takes
> > to make it work, I just won't look there. It doesn't have to be
> > pretty.
> >
> > > Windows has an entirely different concept of Groups, where
> > > one group can contain another group (aka nested groups) but Posix
> > > doesn't have a clue what that is about. Windows has 'domain' groups and
> > > 'local' groups but Posix has only 'local' groups. So the answer to your
> > > question about why your setup might be different than mine or one setup
> > > might be different than another should be evident.
> >
> > No. If yours is going to work with windows and linux and mine is going
> > to work with windows and linux (and I think I said that was a
> > requirement long ago), then the schema has to include both Posix and
> > samba stuff. If that isn't true, please clarify what the other
> > workable choices would be.
> >
> > > Lastly - and it's obvious that I haven't made this point clear but I
> > > will try one last time...
> > >
> > > LDAP is entirely flexible - it is a database with teeth. It has been
> > > given other tools to make it useful for things like authentication
> > > systems.
> >
> > Now you are sounding like a database admin that insists that all
> > programming tasks have to be re-invented as stored procedures
> > just because it is possible to do in his favorite language (and
> > it gives him a lot of job security). My goal is to avoid doing
> > anything unique or that would not work in any mixed linux/
> > windows network. Given that the client queries are already
> > built into the distribution I still don't see why that is
> > impossible.
> >
> > > If some distribution or project comes up with an LDAP turnkey
> > > facility, it will be an entirely limiting, their concept, their
> > > implementation, their vision.
> >
> > Yes, that's exactly what I want. Something that provides the
> > functionality to make the distribution work, and to whatever
> > extent other distributions follow the same standards, include
> > them.
> >
> > > You will find it useful while you have no
> > > concept, little understanding of the implementation and no vision of
> > > your own. The only thing that will let you escape from that concept,
> > > that implementation and that vision is to learn the technology.
> >
> > Yes, useful is what I want. There are plenty of other databases
> > for visions. Postgresql would probably be my first choice.
> ----
> OK then, I guess you are good to go
>
> Craig
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>

Vision is terribly important but a few people here have made the obvious declaration that a number of complex tasks in Linux have been scripted, automated and configured for the use of guis. Considering the work the "competitors" over at Suse have done with yast tools for setting up ldap, and samba and such it should seem to be a kick in the butt for RH and the Fedora community. But then again, if you use that you have to worry about Suseconfig hosing your manual settings in the background so it ain't worth it. But come on, RH tools, at least the ones I have used, tend to do things right, like just adding stuff to the bottom of a config and not completely erasing your manual settings.

What is needed for a full OpenLdap, Kerberos, Samba (OpenDirectory) style solution? Just two things.
1) Setup druid -- Automatically yum installs any needed packages you don't have installed and runs through the initial configuration of making a linux "domain" with secure authentication and samba sharing of directories all in one shot.

2) Directory Administrator -- available already at http://diradmin.open-it.org/index.php for initial setup of users and the continued maintenance of LDAP.

It seems like half the battle is in essence already won. All we need is the setup part for the complete package. I love my command line but something this large and complex begs for the kinds of scripts and a solution like I just mentioned above. This kind of "we can do without a gui" or, in Sun's case with NIS+, "we won't make a gui until it's too late and try to charge for it" kind of thinking is fine for the old-timer BOFH but kills the newb.

Come on, if frickin' Apple can do an OpenDirectory solution then RedHat and Fedora can. Half the stuff Apple uses is opensource stuff with a cute gui in front.