On Thu, 2003-12-18 at 23:07, Gil Freund wrote:
[snip]
I did that. I use LDAP now for authentication and mail routing for all 4 of my enterprise network users.
I also used PHPGroupware as a front end to enter contact information so I can access it via Mozilla and such. I since dropped phpgroupware and am Using TUTOS which uses an SQL back end.
LDAP has the following shortcomings (as far as I am concerned)
1. ACL's are external to the directory, which makes it hard to have private, public and shared contacts.
Check these examples: http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-BindPW.html#GROUPADMIN
My point exactly. The fact that ACL's are not inside the directory means that delegating permissions is harder and more error prone. E.g.: I (as a user) might have permissions to enter an entry into an OU, but in order to set access rights for some other users in the OU (or other OU's), I need access to the slapd.conf file.
2. There is a shortage of reasonable front ends for data entry tools which comply with standard schemes. rolodap and phpgroupware are the only ones I have seen so far. There are general purpose interfaces which give you access to the whole directory tree and allow you to preform a lot of functions, and you can always write up LDIF files... But, no simple phone book style data entry.
Check out the Directory Administrator: http://diradmin.open-it.org/index.php
I use it a lot. It's main limitations are:
1. It's only for users and groups in a single OU or O context.
2. Does not allow for multiple data items per entry (such as multiple e-mail addresses)
3. It's not easy to assign field to schemes, other then the build in ones (it's doable, being OSS, but using configuration files would have made it easier.
Just a note, if you allow external access to your LDAP server, be sure to use SSL. If you don't keep security related or sensitive information and you don't can about other people reading your phone book, you can use normal access, but make sure you use an anonymous connection.
--Amos
================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
-- ========================================= Gil Freund Sysnet consulting ----------------------------------------- [EMAIL PROTECTED] http://www.sysnet.co.il voice: +972-52-676906 Fax: +972-8-9356026 =========================================
================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
