On Thursday 02 June 2005 at 17:05 +0200, Felipe Alfaro Solana wrote:
> On 6/2/05, Kenneth Porter <shiva@xxxxxxxxxxxxxxx> wrote:
> > Agreed. I'm trying to get up to speed on deploying OpenLDAP together with
> > the Samba schema to get single sign-on and a global address book, but it's
> > been tough marshaling all the HOWTOs to figure out what's really required.
> > I went down a wrong path using the PADL scripts bundled with OpenLDAP
> > (because I failed to select the "enhanced" schema in the common config
> > file) and they also fail badly on the /etc/services file due to the
> > presence of Apple protocols. So far the best information for initial setup
> > seems to be in the HOWTOs at <http://samba.idealx.org/>, but I'm still
> > working through it to understand how to migrate my existing setup.
>
> Single sign-on doesn't require an LDAP server, but some kind of central
> identity management which can be supplied by using a Kerberos V KDC like
> the Kerberos V MIT implementation that comes in the form of krb5-*
> packages for Fedora Core.

Kerberos is insufficient by itself. 9 times out of ten if you're interested in SSO you want at least a centralised address book too. The needs start snowballing pretty quickly.

The Microsoft implementation may be bad but they've understood the needs of small to big corporations pretty well (for huge corporations their offering does not scale but they'll be using their own ldap/kerberos combo anyway).

An easy ldap/krb5 setup would be used starting from two computer networks. Only licensing and complexity have active directory start above SMEs.

We need easy SSO, address book, network conf, ical, file sharing (thankfully dhcp/dns, imap/smtp, ipp, http, sql and office software are well covered now).

Do this and SMEs won't have any core need for windows anymore (so it can be relegated to a few seats). They're the ones that feed Microsoft - home users and corporations either do not buy stuff or get it with huge discounts.

-- 
Nicolas Mailhot
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-devel-list