[ldap] Re: multiple passwords for a user

Wed, 04 Jun 2008 22:00:44 -0700 



From: Dustin Puryear<[EMAIL PROTECTED]>
Date: Wed, 04 Jun 2008 11:29:00 -0500



I have yet to see a good, working open source IAM solution. Unfortunately.



I don't think there's enough critical mass in the plumbing yet. Given all the 
projects reinventing the wheel (OpenDS etc...) instead of enhancing what 
already exists, the already-rare open source expertise in this technology is 
just spread too thin.



We work with commercial IAM solutions (e.g., Sun, CA) all the time with
our clients, but for small installations it would be VERY nice to have a
viable open source alternative.



That almost doesn't make sense to me. IAM has tended to mean big cumbersome 
shelfware sold to large enterprises. In small installations the problem really 
isn't big enough, and sysadmins aren't desparate enough yet. It might be nice, 
but usually in a small installation you can just attack the problem directly 
by consolidating accounts, so you don't need a management system to track 
multiple accounts per user.



--
Dustin Puryear
President and Sr. Consultant
Puryear Information Technology, LLC
225-706-8414 x112
http://www.puryear-it.com

Author, "Best Practices for Managing Linux and UNIX Servers"
    http://www.puryear-it.com/pubs/linux-unix-best-practices/


Sébastien Barthélemy wrote:

Hello

thank you for this detailed explanation.


Keep in mind that you now need to provision TWO accounts, one as the primary
and one for SVN only. Assuming you have an IAM solution in place (even if
it's homebrewed), this should be a no-brainer. (Yes, we do IAM.)

No, I don't have any IAM solution, I even don't use LDAP for anything
other than testing now. Indeed, I was looking at ldap as a way to
centralize the user management, but I found no good solution. It seems
more and more obvious that the good way to handle this is to store
data in a database and use it to feed the ldap directory.

I guess this is the job of an IAM solution, do you know any good
open-source one ?



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

---
You are currently subscribed to [EMAIL PROTECTED] as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the 
SUBJECT of the message.






















					Reply via email to