> Given that we had a pipeline stage that connects to *RPI it probably > 'just' takes a lot of time to do this. And I must say I have not > thought about how to map all the z/VM defined calls to the ESM on LDAP > queries. You certainly would end up with non-standard schema's for > that, and that may or may not fit in what else you do in LDAP.
Yep. Major programming effort, but it would be mighty handy. Actually, *RPI to PAM would be the win -- then you could use all the PAM back ends, which conveniently already do LDAP, et al. We have the beginnings of a IUCV service in the CMM code; perhaps the IUCV bit of that code could be borrowed for this purpose? IMHO, the thing to do would be to map the ESM POSIX operations to the Active Directory schemas. That would be a step toward convergence, it would short-circuit a lot of whining about VM not playing in "enterprise directories", and actually the combination of LDAP and Kerberos would be a Good Thing. Kerberizing the CP internals would be a bear to do, but once it's done, then there are all manner of interesting things that could happen. Why do I think this? Well, according to the Endicott folks, the boot-from-SCSI code incorporated a C runtime into CP to support the 9336 emulation layer. Since that's already in place, more stuff in CP could be written in C, which dramatically increases the porting friendly-ness of CP. Kerberos is written in C. Suddenly, it's a lot easier to think about it. > And when you go that route, one could even imagine the task of > DirMaint to be rolled into LDAP. Sounds like a fun project... See above. Wouldn't it be fun to be able to say "sure, VM does Active Directory. Next whine?"? -- db ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
