As an ops guy, want to +1 the ssl and tls requirements for LDAP, especially to a domain controller, if you want to see adoption of this in enterprise Windows domains. We won't let anything connect, even read-only, to our domain with LDAP; we only allow LDAPS. And this is pretty much standard.

On Thu, Nov 12, 2009 at 11:23 AM, Coe, Robin <[email protected]> wrote:

> I agree. Getting into LDAP will open a can of worms, especially if the
> plan is to support Active Directory. There are a lot of RFCs on the subject
> of LDAP and Active Directory doesn't support them all.
>
> If LDAP is the plan, though, there needs to be support for ssl and tls, at
> a minimum.
>
> Robin.
>
> -----Original Message-----
> From: Jonathan Ellis [mailto:[email protected]]
> Sent: November 12, 2009 11:11 AM
> To: [email protected]
> Subject: Re: Cassandra access control (was: bandwidth limiting Cassandra's
> replication and access control)
>
> 2009/11/12 Ted Zlatanov <[email protected]>:
> > It sounds like JAAS is a bad idea. I'll use a modular auth system then,
> > with two simple implementations (XML file and LDAP) at first. The XML
> > file will hold account passwords (one-way hashed) and authorizations.
>
> wouldn't it be simpler to just put the password hash in the keyspace
> definition?
>
> it's less enterprise but if you need something sophisticated you're
> probably going to use ldap anyway...
