07-03-2007, 07:33 AM
gjhorne
LDAP Core schema changes

Just some preliminaries and I now have installed a 4 server environment (VMware) with 1 LDAP master, 1 LDAP replica, 1 server with store etc and a separate server with MTA.

After the install I went in to use slapcat to spit the database out to LDIF (everything, not just what someone wants you to see) and I started to find funny (VERY NOT FUNNY) changes to the core schema. Haven't worked out how tragic this is but I get a bad feeling here as userPasswd and uid are two of them. I have spent most of my professional life working in directories and identity related fields. Directory design for scale and performance, identity management, security, user store synchronization. Fixing the crap from some bonehead who has adjusted the core LDAP schema for his purpose, whatever, and now can't make it work well across the empire. ####heads who have decided to create their own schema because they could.

Another nasty is the Zimbra requirement to search the directory as an anonymous user. I have never met a medium or large company yet who would allow anonymous access to user data no matter how innocuous it may seem, such as mail, cn, sn, givenName or title.
__________________
Graham Horne
Technical Architect
Edentity Labs Ltd

http://www.edentitylabs.com