2007/663 Winchester directory-based name mapping [FastTrack timeout 11/30/2007]
Nicolas Williams
Nicolas.Williams at Sun.COM
Wed Nov 21 08:45:17 PST 2007
On Wed, Nov 21, 2007 at 10:01:20AM -0500, James Carlson wrote:
> Gary Winiger writes:
> > + config/ad_unixuser_attr
> > + Specify the name of the AD attribute that contains the UNIX
> > + user name. There is no default.
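Review bot: the added description of config/ad_unixuser_attr says "There is no default" but not what name mapping does when the property is left unset, and it does not say whether the one value applies to every AD domain or can differ per domain. Suggest stating the unset behaviour and the scope of the value in the property text itself.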
>
> Unless I misunderstand how this is supposed to be used, it sounds like
> the schema for AD is really placed into the hands of the
> administrator, and thus could be different at every site, or even
> between groups within a site. And it will need to be separately
> configured on every client system.
Correct.
> The logical conclusion is that you'll probably need to associate
> attribute names with particular LDAP servers, and I don't see how
> that'd be done with this proposal.
Not particular LDAP servers but particular domains.
> This sounds at least a little messy, as though we're handing users a
> kit of parts and telling them to build a system out of it. Is there
> any way we can avoid exposing so much of the internal design to users?
> Why can't there be default names reserved?
We've been asked to provide a feature found in other products, and this
is what they do.
> > o Use of libsldap
> >
> > libsldap is Contracted Consolidation Private. The i-team in this
> > case is part of the netrep team, which owns libsldap, therefore no
> > contract should be needed.
>
> Architectural issues have nothing to do with the management structure
> or the project team composition.
>
> Is this project delivering through the same consolidation as libsldap?
Yes.
Nico