What next? LDAP

Nicolas Mailhot Nicolas.Mailhot at laPoste.net
Thu Jun 2 18:37:46 UTC 2005


On Thursday, 2 June 2005 at 17:05 +0200, Felipe Alfaro Solana wrote:
> On 6/2/05, Kenneth Porter <shiva at sewingwitch.com> wrote:
> > Agreed. I'm trying to get up to speed on deploying OpenLDAP together with
> > the Samba schema to get single sign-on and a global address book, but it's
> > been tough marshaling all the HOWTO's to figure out what's really required.
> > I went down a wrong path using the PADL scripts bundled with OpenLDAP
> > (because I failed to select the "enhanced" schema in the common config
> > file) and they also fail badly on the /etc/services file due to the
> > presence of Apple protocols. So far the best information for initial setup
> > seems to be in the HOWTO's at <http://samba.idealx.org/>, but I'm still
> > working through it to understand how to migrate my existing setup.
> 
> Single sign-on doesn't require an LDAP server, but some kind of central
> identity management which can be supplied by using a Kerberos V KDC like
> the Kerberos V MIT implementation that comes in the form of krb5-*
> packages for Fedora Core.

Kerberos is insufficient by itself.
9 times out of ten if you're interested in SSO you want at least a
centralised address book too. The needs start snowballing pretty quickly.

The Microsoft implementation may be bad but they've understood the needs
of small to big corporations pretty well (for huge corporations their
offering does not scale but they'll be using their own ldap/kerberos
combo anyway).

An easy ldap/krb5 setup would be used starting from two computer
networks. Only licensing and complexity have active directory start
above SMEs.

We need easy SSO, address book, network conf, ical, file sharing
(thankfully dhcp/dns, imap/smtp, ipp, http, sql and office software are
well covered now).

Do this and SMEs won't have any core need for Windows anymore (so it can
be relegated to a few seats). They're the ones that feed Microsoft -
home users and corporations either do not buy stuff or get it with huge
discounts.

-- 
Nicolas Mailhot