On a totally unrelated note from the SFD project, I'm looking for
someone who's familiar with Kerberos, LDAP, and Python (or has an
interest in learning them). I'm currently working on plans for a
distribution-independent open source directory service for Linux --
kinda like Red Hat Directory Services or Novell eDirectory, but again,
distro-independent and open source. From my research, there's no
unified, easy-to-setup-and-use package like this for Linux.

If any of you know of a package like this that exists, let me know and
I'll know to scrap the project. If not, bonus! If any of you guys are
interested in joining the project, or know of someone who may, let me
know.

Thanks!
--
Dave Sullivan <demsu...@gmail.com>
http://wiki.ubuntu.com/DaveSullivan
http://daves-pgp-key.doesntexist.com/

It depends on what you want to achieve with the directory. I'd
recommend thinking about using OpenLDAP with a SASL hook for Kerb.
That's basically what Apple did in Mac OS X Server and it would avoid
reinventing the wheel. The SASL stuff can be a pita from the
implementation side.

The basics using PAM and LDAP for identity mgmt at the OS level are
all there.

Speaking from past experiences, LDAP sucks. It's brittle, hard to
get right, the protocols are arcane and don't always interop
correctly. Problems outside the basic user/email/address stuff
become awkward. The servers don't tend to scale well.
Management tools are weak, and tied to the implementation.

Blech. Shivers. Time for a gravol.

Still, if you (and your nascent team) could do as well as Apple has,
it could be handy.

Many (most?) identity management solutions use a private API and a
SQL database. You could even put an LDAP front on it like MS did for
ADS.

Not that I'm suggesting ADS as a paragon of virtue.

Cheers
Blaine
Dave