[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Saturday 27 January 2007 11:52, Kai Hendry wrote: > LDAP is an over rated, overly complex piece of software IMO. > > In my experience using a mysql table for your users is fine. Until you find you actually need the complexity that LDAP can offer. Its a bit like most things in computing - you start doing it the easy way and then you find later on that you have to move to the more complicated way but its too late... Wot you need is to start with LDAP in a simple way which isn't easy - it needs a front end that can set up the simple scenarios. I did write one many moons ago but it wasn't mine to keep - and I never did find out if it would extend to other more complicated scenarios. > Getting any CMS to authenticate to mysql is usually straight forward. > Unlike LDAP. LDAP has a well defined api and its not too hard to communicate with: Can user A do this? Wot can user A do.. What users can do this ... are (were) relatively easy to implement. > Keep it simple, NO! MAKE it simple but make sure its FULLY extendible. In an ideal world everyone would start with a full blown ERP system thats got a 'simple' configuration. But we don't, we start off with simple this and simple that and then have to pay massive amounts to convert 10,000 excel files and 'simple databases' into something coherent. Which is often logistically impossible. Programming is like building - the stronger the foundations the higher you can build. Microsoft have flogged that idea that computing is simple for years and that never works: when it boils down to it you cant manage n parameters with n-1 controls. A CMS without enterprise level access controls will never become an enterprise level CMS. A CMS which can utilise an enterprise level access control at least has a chance of becoming one. A CMS that can utilise a simple access control system that can then be upgraded (the access control that is) to a more complicated level as necessary stands a much better chance of being used on a personal level and an enterprise level. Now it that access control can be across all your other computer resources as well... LDAP has a steep learning curve but it is not beyond the wit of an average programmer to hide the potential complexity behind a front end and allow simple peer control, while not precluding a full blown system. Try writing one of those in sql - you'll be reinventing LDAP in the long run, and the faults they put into LDAP on the way. Unix (hence Linux) started with the philosophy of each program should do one thing and do it well. Have a look at PAMs. You don't get those in Windows (hoch spit) but if you go to LDAP theres practically nothing you cant use it in - well maybe an Amstrad PCW. Tom te tom te tom -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html