On 9/1/07, Nicolas Mailhot <nicolas.mailhot(a)laposte.net> wrote:
> We all know active directory is just kerberos+ldap, we've been shipping
> kerberos & ldap infrastructure for years (and the fedora directory
> server is supposed to be even better), and yet somehow few (if any) ever
> use it.

Let me tell you my experience. Around the first of this year, I
decided to use kerberos+ldap to manage the machines in my research
lab. After spending hours reading documentation and experimenting
with kerberos and ldap separately, I got everything configured. It
was only then that I discovered that libuser doesn't support
kerberos+ldap.

Not wanting to waste all that time, I eventually went with the
solution to be found at http://jjames.fedorapeople.org/libuser/ (note
to libuser maintainer: there is likely a bug in libuser that can and
should be fixed; see that URL for a hint). However, there don't
appear to be any warning signs anywhere telling people to watch out
for the kerberos+ldap+libuser combination. At least, I've never seen
any. Have you?

I didn't try Fedora Directory Server; if I'm reading the web page
correctly, I went through all this in the month before it hit Fedora
Extras. The question is moot now since I no longer manage a research
lab.
--
Jerry James
http://jjames.fedorapeople.org/