LDAP client question

David Hopkins dahopkins429 at gmail.com
Wed Jan 20 18:08:07 GMT 2010 

On Wed, Jan 20, 2010 at 12:43 PM, Scott Balneaves
<sbalneav at legalaid.mb.ca>wrote:

> LDAP's a "hard" subject.  It's:
>
> 1) Non-trivial to set up
> 2) Infinitely customizable
> 3) Lacking any discernable standard as to how you should lay out your
> database
>   for authentication.
>

But ... luckily David Trask and Matt Olmquist put together a script for the
k12ltsp distro that took care of all the steps required for ldap+samba
PDC/BDC using Idealx's tools.  The scripts made it much much simpler to get
a working ldap based on openldap.  I've been using this setup for the last 4
years without any huge issues.

>
> I'm not blaming them.  LDAP *is* the single largest PITA to
> configure/setup/get
> working, and it's deucedly difficult to try to make the "perfect" tool.
>

Agreed ... I manually configured my first ldap server (before Matt's
scripts) and while it worked, it was not trivial.  I've even been looking at
389 (formerly Fedora Directory Services) as the next step and it just isn't
going to happen it seems.

>
> Both RedHat and SkoleLinux solved the problem by saying "You'll do it our
> way
> and *like it*!!!!", with the end result that they have something that
> works,
> but God help you if you want/need to do something different.  Debian, and
> by
> extention Ubuntu, is still waiting for the perfect, infinitely customizable
> yet
> easy-to-use LDAP tool to come along.
>

Don't forget MS and Active Directory. Thing is that all three of these
companies at least put something out there that is 'good enough'  it seems.
As for what I am trying to get ... I simply want to be able to authenticate
against an existing openldap authentication server.  This is something that
should be straightforward and much less controversial.


>
> What happens is:
>
>  * Beginning admins have a hard time setting up LDAP.  They have to
> struggle
>   for a long time to learn all the ins-and-outs of the command line tools.
>  * Once they learn how to use the command line tools effectively, there's
>   absoloutely no impetus for them to contribute to making an easy tool,
> since,
>   now they know how to use the "hard" tool, they're away to the races.
>
> I'm not sure what the solution is.
>
> Needless to say, I can use the ldapmodify(1) family of tools :)
>
>
I use the IdealX smbldap tools ... they work. I've also used Webmin's module
although it doesn't seem to work quite right at times.  Trying to get the
school's IT director to use the command tools has been challenging. I end up
adding/removing all accounts as needed and use phpldapadmin as needed as
well.

Oh well ... it'll get sorted out and things will keep moving forward.

Sincerely,
Dave Hopkins
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/edubuntu-users/attachments/20100120/b74e624d/attachment.htm

More information about the edubuntu-users mailing list