2007/663 Winchester directory-based name mapping [FastTrack timeout 11/30/2007]

James Carlson james.d.carlson at sun.com
Wed Nov 21 07:01:20 PST 2007


Gary Winiger writes:
> + config/ad_unixuser_attr
> +    Specify the name of the AD attribute that contains the UNIX
> +    user name. There is no default.
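
Review bot: "There is no default" in the config/ad_unixuser_attr description leaves the unset case undocumented in these lines. State what happens to name mapping when the property is not set, and whether the one value applies to every AD server the client contacts.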

Unless I misunderstand how this is supposed to be used, it sounds like
the schema for AD is really placed into the hands of the
administrator, and thus could be different at every site, or even
between groups within a site.  And it will need to be separately
configured on every client system.

The logical conclusion is that you'll probably need to associate
attribute names with particular LDAP servers, and I don't see how
that'd be done with this proposal.

This sounds at least a little messy, as though we're handing users a
kit of parts and telling them to build a system out of it.  Is there
any way we can avoid exposing so much of the internal design to users?
Why can't there be default names reserved?

>  o Use of libsldap
> 
>    libsldap is Contracted Consolidation Private.  The i-team in this
>    case is part of the netrep team, which owns libsldap, therefore no
>    contract should be needed.

Architectural issues have nothing to do with the management structure
or the project team composition.

Is this project delivering through the same consolidation as libsldap?
If not, then either a contract will be needed or the library's
stability will need to be promoted.

-- 
James Carlson, Solaris Networking              <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677


