On Mon, Apr 03, 2006 at 01:27:00AM -0400, David Zeuthen wrote:
> I wish that people working on the server bits (e.g. Apache, Postfix)
> would take a similar stance and only make their software read
> settings from LDAP (or whatever) for the site-wide case.
This always seems like a nice simple idea in theory. The reality is
that you'd have to put so much complexity in to deal with stuff like
working out what to do during a restart if the LDAP server suddenly
stops responding (at the point where you have already thrown away the
old config). You also have to come up with (and hard-code!) some LDAP
schema; and have it extensible to third-party modules (i.e. generic
enough that it's just untyped key-value pairs again). And how do you
configure the LDAP connection: TLS, auth, etc? Just relying on the
system-wide defaults doesn't cut it for 99% of apps so why would it
here? And why only support an LDAP backend? Why not also an SQL
database, or a WebDAV repository?
I also think LDAP adds a considerable ammount of complexity with its need for a schema, was not designed for this purpose, adds risk of network unavailability, makes no sense in single computer environments, and is wrongly inspired in AD, because AD is not LDAP: it is more than LDAP, and some parts of it can be represented as an LDAP server.
On the other hand, if these softwares are elektrified, you can point their configurations to be read from the network, just switching the key database backend. This is transparent to the application.
Regards,
Avi
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list