From: Mike Meyer
Date: Thu, 11 Jan 2007 12:18:50 -0500
To: Vulpes Velox
Cc: hackers@freebsd.org
Subject: Re: LDAP integration

In <20070111035549.7c11a450@vixen42>, Vulpes Velox typed:
> LDAP is nice organizing across many systems, but if you are just
> dealing with one computer it is complete overkill for anything.

In that situation, it's not merely overkill, it may actually be a bad idea. Can you say "AIX SDR"? How about "Windows registry"? Those systems both took the approach of putting all the configuration information in a central database. This creates problems because the tools needed to examine/fix the config database require a complex environment - at least compared to a statically linked copy of ed. LDAP may not be so bad, but it still makes me nervous.

On the other hand, if you've got a flock of boxes to manage, having a way to tell the rc subsystem "Go read config values from this LDAP server" seems like a very attractive alternative.

http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.