5 Nov
2018
5 Nov
'18
11:53 p.m.
On 11/05/2018 12:58 PM, Dave Horsfall wrote:
I've used OpenLDAP in a previous job for many
years, for all sorts of
things, and it worked well. I had it integrated with Sendmail and even
Kerberos, but I've forgotten the details now.
ACK
My biggest problem with OpenLDAP, or any LDAP, is (other than my
ignorance) the fact that all of them (save for AD) started with an empty
schema. So I was functionally needing to create a schema that was
hopefully compatible with the things I needed /while/ learning LDAP ~>
$LDAPimplementation. I always felt it was a relatively steep learning
curve. And I was never sufficiently motivated.
Conversely, AD, has a very well established LDAP schema and many things
know how to work with it.
There is a damned good book on LDAP in general (I
can't remember the
title, but it's a thick hard-cover)
Do you by chance know any more details? I'll dig and see if I can find it.
so read it, cover to cover. Then download the
OpenLDAP source (or used
a trusted binary) and read the documentation, esp. the quick start guide
and the admin guide.
ACK
Then read them again :-)
~chuckle~
The most important thing about learning LDAP is
forgetting everything
you ever knew about relational databases; LDAP is a *directory*, not a
database, and the idiots at work were constantly referring to records,
not *entries*, which drove me crazy (I have a Unify RDBMS background too).
I think I understand that. Or at least what (little) I know doesn't
doesn't seem to have any objection to that. I know that I would not
want to use LDAP as a general purpose relational database.
And if/when you start using OpenLDAP, always keep it
up to date; there
is an active mailing list, but the first thing they'll ask is "What
version are you running?". Sure, there's been some lemon releases, but
in general it worked fine for us; the company's balls depended upon it.
Thank you for the ProTip.
--
Grant. . . .
unix || die