Re: [ldapext] A more radical approach to 2307

Jim Willeke <jim@willeke.com> Fri, 04 December 2015 18:10 UTC

I tend to agree with Andrew.

--
-jim
Jim Willeke

On Fri, Dec 4, 2015 at 10:00 AM, Andrew Findlay <andrew.findlay@skills-1st.co.uk> wrote:

> RFC2307, 2307bis and DBIS all start from the NIS/YP/files-in-etc model
> and represent the data in LDAP with varying degrees of fidelity.
> Is this actually a good idea? I rather think not.
>
> The big value of LDAP and related things in complex organisations is
> that it allows a single abstract representation of 'important stuff'
> that can be used by many systems. To work in this environment the
> systems have to be flexible, with minimal built-in assumptions about the
> data. We have already established that no abstract representation can
> provide the full generality and semantics of each system's native
> database, so compromise and simplification are essential.
>
> With this in mind (and donning my best flameproof suit) I suggest a
> radical approach to the task in hand:
>
>         Throw out most of the 2307 NIS-like definitions.
>
>         Consider what an Enterprise-level LDAP service might really
>         contain *before* any OS-specific or app-specific requirements
>         are imposed on it.
>
>         Create new schema if needed to support a clean representation
>         of that Enterprise data.
>
>         Create new AUXILIARY classes to support the attributes needed
>         for POSIX systems.
>
> The resulting set of attributes and classes would be *much* smaller than
> the 2307 set. Some whole categories could just vanish, e.g.:
>
>         All the shadow password stuff (draft-behera is difficult enough
>         and we don't need to duplicate its function on the client side)
>
>         memberUid (we really *dont* need a POSIX-specific way to
>         represent groups, and the syntax of memberUid does not even
>         match that of uid)
>
>         Most of the less-used NIS-map attributes and classes could be
>         hived off into separate documents, or even dumped in favour of a
>         generic structural lookup table with explicit case ignore/case
>         sensitive semantics.
>
> Andrew
> --
> -----------------------------------------------------------------------
> |                 From Andrew Findlay, Skills 1st Ltd                 |
> | Consultant in large-scale systems, networks, and directory services |
> |     http://www.skills-1st.co.uk/                +44 1628 782565     |
> -----------------------------------------------------------------------
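
An added illustration of the memberUid/uid syntax mismatch Andrew raises; this is written for this archive page and is not part of either message. It models RFC 2307's caseExactIA5Match (memberUid) against RFC 4519's caseIgnoreMatch (uid) with a simplified form of RFC 4518 string preparation, and audits a constructed posixGroup; `audit_group` and all sample uid values are constructed here.

```python
"""Audit RFC 2307 memberUid values against posixAccount uid values.
memberUid (RFC 2307) is an IA5 String with EQUALITY caseExactIA5Match;
uid (RFC 4519) is a Directory String with EQUALITY caseIgnoreMatch, so a
group names its members under a stricter rule than the accounts use."""
import re
import unicodedata

def _prepare(value: str, fold_case: bool) -> str:
    """Simplified RFC 4518 preparation: NFKC, collapse insignificant
    spaces, optional case folding (the full algorithm has more steps)."""
    s = re.sub(r"\s+", " ", unicodedata.normalize("NFKC", value)).strip()
    return s.casefold() if fold_case else s

def case_ignore_match(a: str, b: str) -> bool:
    """EQUALITY rule of uid (RFC 4519)."""
    return _prepare(a, True) == _prepare(b, True)

def case_exact_ia5_match(a: str, b: str) -> bool:
    """EQUALITY rule of memberUid (RFC 2307); IA5 means 7-bit ASCII."""
    if not (a.isascii() and b.isascii()):
        return False
    return _prepare(a, False) == _prepare(b, False)

def audit_group(member_uids, account_uids):
    """Classify each memberUid of one posixGroup:
    ok         - a uid matches under memberUid's own rule
    case-drift - a uid matches only under caseIgnoreMatch, so a client
                 searching (memberUid=<uid>) and one comparing the
                 account's uid value disagree about membership
    not-ia5    - not representable as memberUid at all (non-ASCII)
    dangling   - no account with that uid exists"""
    report = {}
    for m in member_uids:
        if not m.isascii():
            report[m] = "not-ia5"
        elif any(case_exact_ia5_match(m, u) for u in account_uids):
            report[m] = "ok"
        elif any(case_ignore_match(m, u) for u in account_uids):
            report[m] = "case-drift"
        else:
            report[m] = "dangling"
    return report

# Constructed sample data (not from the thread).
ACCOUNT_UIDS = ["alice", "Bob", "jsmith", "renée"]
WHEEL_MEMBER_UIDS = ["alice", "bob", "JSmith", "renée", "mallory"]

if __name__ == "__main__":
    for uid, state in audit_group(WHEEL_MEMBER_UIDS, ACCOUNT_UIDS).items():
        print(f"{uid:10} {state}")
```

Only the "ok" rows are memberships every 2307 client evaluates the same way; a DN-valued member attribute avoids the drift because both sides then use the one matching rule of the DN syntax.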