Sam Varshavchik writes: 

> exactly sure how everything works together, but I'm told that this makes 
> it easier for some people...  
> 
> 
> -- 
> Sam  
> 

I think it's desirable that that file contains attribute types that are 
commonly used for mail servers. There are RFCs that describe these. 
organizationalPerson and inetOrgPerson are very common object classes that I 
tried to match my auxiliary attributes to as much as possible. If I don't, I 
KNOW it will bite me in the arse in the future, and I will have to redesign 
everything from scratch. The reason for this is simply because most 
software out there supports these common attributes. Cisco RADIUS server is 
a good example (though I had to add groups support, and the server is very 
clumsy software, but it still works). 

One thing you have to remember is that many sysadmins who are trying to 
set up LDAP authentication do not have the desire to meddle with it and just 
want to get things working. This practice doesn't work with LDAP, and the 
result is an inflexible or a complex directory that will have to be modified 
heavily each time a new LDAP-aware service is added to the network :(. 

-- 
Dan
Three days of testing can save 10
minutes reading manuals. 
