Hello,
I'm currently developing a web-based application for a client that
uses openLDAP for authentication and as a shared address book.
OpenLDAP made sense because of its ability to integrate with email
applications, work with many frameworks and other management tools.
But I was disappointed with the lack of adoption of groupOfNames and
groupOfUniqueNames for searches in email apps.
I selected Plone as the framework for this app because of its tight
integration with openLDAP. I'm glad I didn't listen to the dismissive
diatribes about groupOfUniqueNames on this list when I was doing
initial research, because that's what Plone requires. And Plone has
turned out to be an excellent choice for this project, and by
extension, so has groupOfUniqueNames.
I can create a groupOfUniqueNames through the Plone web interface
without declaring an initial member, it's immediately visible in LDAP
and through Plone's website interface. Plone accomplishes this by
adding admin as the first uniqueMember, and that's fine as a
placeholder because admin has access to any object in the directory
anyway. The assertion that groupOfUniqueNames is a poor choice
because of the one uniqueMember minimum is bogus, it works just fine
in a real-world setting.
I'm looking to Sympa as a stop-gap measure for the email app group
search problem. But this is such a basic function of any system which
has groups, it mystified me at first why more apps don't support
groups in openLDAP. But I think I've figured out why.
My client has been using a commercial product as its directory up to
this point, and it's a shame that they'll lose the ability to type a
group's name into an email and have the email delivered to the people
in that group. The vendor has been very good about implementing group
support for their own proprietary directory server, but there is no
support for non-proprietary schemas like groupOfNames or
groupOfUniqueNames. I'm assuming this is because the vendor wants to
sell more directory servers, pretty straight-forward.
It certainly benefits this vendor that the non-proprietary LDAP
community is caught up in a flame war over which type of group is
"best". This means other vendors won't support either groupOfNames or
groupOfUniqueNames for fear of losing their investment when one or
the other eventually becomes the defacto standard. And therefore the
800-pound-gorilla of a vendor alluded to earlier certainly has no
motivation to support groupOfNames or groupOfUniqueNames. There are
shades of Betamax in the gon/goun debate, but the analogy isn't
adequate because standardization on one or the other isn't going to
happen. Both group types are going to be around for along time, both
have good uses. Vendors need to hear that.
So why is there a flame war about this? Are the groupOfNames flag
bearers getting paid by this vendor to keep the FUD going? Probably
not. There's an old saying that it's better to assume ignorance
rather than malice simply because ignorance is more often the true
culprit. That's probably the case here.
I'm getting a bit annoyed with the dogmatism of some folks in this
debate. Please stop pretending that your preferences are something
more than that. I don't know for a fact that the lack of support in
most email applications for LDAP groups of either type is a result of
this inane debate, but it's got to be a factor. I imagine that if the
discussion about these options became more rooted in fact instead of
just opinion, we'd see faster adoption of both group types in all
sorts of applications, making our work easier. By engaging in a flame
for or against groupOfUniqueNames, you're simply delaying adoption.
To the groupOfNames purists: Stop making the good into the enemy of
the perfect. I don't see anyone claiming that groupOfUniqueNames is
somehow innately superior to groupOfNames, why do I see so much of
the reverse? There are instances where groupOfUniqueNames is a better
choice, if that gets your back up, get over yourself and move on to
more important matters.
To everyone else: Test the assertions presented in this forum. And
once you have that first-hand knowledge, choose whatever helps you
accomplish your objectives best.
And if you have any sway with email application developers, spread
the word that we need search support for both groupOfNames and
groupOfUniqueNames in their apps. It's long overdue.
Thank You,
Troy
---
You are currently subscribed to [email protected] as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the
SUBJECT of the message.
