----- "Simo Sorce" <simo@xxxxxxxxxx> wrote:

> Well I have some knowledge in this field, and I do not find it very
> fiddly, but I may be biased as I have been working for the past 7 years
> to make LDAP+Kerberos simple to manage within the FreeIPA project.
> Your requirement to set an objectclass on the base suffix is something I
> find particularly unappealing, and no other tool that I know of requires
> this (because it is unnecessary).

Yes. Thank you.

> I think you should allow the broadest possibilities of course, which is
> why I am picking on things like allowing SASL/GSSAPI explicitly in the
> RFC language. Whether people will integrate into existing LDAP server or
> not remains to be seen, if we can avoid the need to add an objectclass on
> the root suffix I see that we can easily add this as a standard feature for
> FreeIPA as well (we already provide automount data for example) and
> provide management tools in our framework around it.

I noted this point on a FedFS concall 2 years ago. I don't understand why not -permit- easy integration with existing LDAP infrastructure.

--
Matt Benjamin
The Linux Box
206 South Fifth Ave. Suite 150
Ann Arbor, MI 48104

http://linuxbox.com

tel. 734-761-4689
fax. 734-769-8938
cel. 734-216-5309