On Thursday, October 17, 2002, at 02:00 AM, Buchan Milne wrote:
Agreed. Something like nss_ldap, which is by nature more of a "client" app, is much more prevalent in a desktop environment than a server environment.many of the postings here regard desktop programs in mandrake linux. i understand, that this is important to mandrake. but wouldn't it be nice to play an important role in the server market? this is not the only issue when using ldap with mandrake (see my other postings on this list). i hope, mandrake will fix these bugs as soon as possible.nss_ldap is actually also very important for desktop use, specifically desktop use in a corporate environment.
Absolutely. We can't test every single thing. For instance, being the maintainer of openssh, I couldn't be bothered to test to make sure that putty, ssh (commercial), and every other ssh client for every other platform works. Does this make me an irresponsible maintainer? I don't think so. As long as openssh<->openssh works, and rbrowser on my OS X machine can connect to my linux box over openssh, I'm satisfied it works. I also won't setup a kerberos realm in order to test kerberos authentication. These sorts of tests can (and should) be done by the authors/beta testers of the actual software... I leave it to the openssh team to fix/test these things. I'll make sure that openssh runs on Mandrake in the more typical scenarios and move on to other work.these problems were not difficult to find (why did nobody at mandrake test this?Mandrake development is open, you could have tested it, and it would have been found earlier. It's pretty obvious that Mandrakesoft can't employ enough people to test everything, that's what cooker and the beta releases are for. Bugs are theirs, but only if they know about them.
No, I don't think so either. Nice to have all the cookers called freaks as well. =(i think the beta tests are no good for such features because most of the freaks out there only test their video players etc.)
You obviously haven't been on the cooker list for very long.
ldap is important when trying to replace windows servers with linux/samba and manage user accounts. try to improve quality >> please...
Talk about arrogant... <sigh>
Problems can only be fixed if they are known. I use various versions of Mandrake on a network where we use nss_ldap on all machines, and I haven't seen it, since I usually don't have a seperate /usr.I don't think most people have /usr on a separate partition. I know I typically don't, and haven't for a long time as I don't see the benefit to it. Certainly not on a client system. /home, /, possibly a /boot, and /var/qmail are on their own partitions... This is probably the reason the problem hasn't been seen before. Again, does this mean we're crappy maintainers because we don't sit and attempt every single scenario?
When I have a chance, I'll take a look at it. Seems like I've somehow filled the role of resident LDAP expert (dunno how...).Thanks for the bug report. Vince, will you take a look at this?
I've still got an 8.2 server setup as an LDAP authentication server, but I'm not actually using it as such across the network due to my findings when I wrote the piece for MandrakeSecure. AFAIK, there have been new versions of pam_ldap and nss_ldap recently, and some interesting mails across the mailing list so when I've got a chance, I hope to revise the document and possibly come up with a better and more reliable method of handling authentication. When I do, I'll give it a shot and even waste some time installing in vmware with a separate /usr partition specifically for this test.
Of course, any ideas on a fix would be handy. And reporting the problem to the author so it can be fixed upstream (unless it's a Mandrake packaging issue which it doesn't sound like), would be a good idea as well.
Finally, one could always argue that the author is lazy and incompetent and why didn't he find and fix the problem. But I don't think that would get anyone anywhere fast. Funny how Linux distributions are much better targets as the packagers of software than the authors who wrote the software in the first place.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx - source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
PGP.sig
Description: PGP signature
