Re: [ldapext] A more radical approach to 2307
Jim Willeke <jim@willeke.com> Fri, 04 December 2015 18:10 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/ldapext/0GVZ3ziC7PyGHabYjaa4hv_wwQk>
I tend to agree with Andrew.

--
-jim
Jim Willeke

On Fri, Dec 4, 2015 at 10:00 AM, Andrew Findlay <andrew.findlay@skills-1st.co.uk> wrote:

> RFC2307, 2307bis and DBIS all start from the NIS/YP/files-in-etc model
> and represent the data in LDAP with varying degrees of fidelity.
> Is this actually a good idea? I rather think not.
>
> The big value of LDAP and related things in complex organisations is
> that it allows a single abstract representation of 'important stuff'
> that can be used by many systems. To work in this environment the
> systems have to be flexible, with minimal built-in assumptions about the
> data. We have already established that no abstract representation can
> provide the full generality and semantics of each system's native
> database so compromise and simplification is essential.
>
> With this in mind (and donning my best flameproof suit) I suggest a
> radical approach to the task in hand:
>
>     Throw out most of the 2307 NIS-like definitions.
>
>     Consider what an Enterprise-level LDAP service might really
>     contain *before* any OS-specific or app-specific requirements
>     are imposed on it.
>
>     Create new schema if needed to support a clean representation
>     of that Enterprise data.
>
>     Create new AUXILIARY classes to support the attributes needed
>     for POSIX systems.
>
> The resulting set of attributes and classes would be *much* smaller than
> the 2307 set. Some whole categories could just vanish, e.g.:
>
>     All the shadow password stuff (draft-behera is difficult enough
>     and we don't need to duplicate its function on the client side)
>
>     memberUid (we really *don't* need a POSIX-specific way to
>     represent groups, and the syntax of memberUid does not even
>     match that of uid)
>
>     Most of the less-used NIS-map attributes and classes could be
>     hived off into separate documents, or even dumped in favour of a
>     generic structural lookup table with explicit case ignore/case
>     sensitive semantics.
>
> Andrew
> --
> -----------------------------------------------------------------------
> |                 From Andrew Findlay, Skills 1st Ltd                 |
> | Consultant in large-scale systems, networks, and directory services |
> |     http://www.skills-1st.co.uk/                +44 1628 782565     |
> -----------------------------------------------------------------------
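The remark in the quoted proposal that the syntax of memberUid does not match that of uid has a practical consequence for group-based authorization, shown in this added example (not part of either post): memberUid is an IA5String compared with caseExactIA5Match (RFC 2307), while uid is a Directory String compared with caseIgnoreMatch (RFC 4519). The function names and sample entries are constructed, and `prep_uid` only approximates the RFC 4518 string preparation.

```python
import unicodedata


def prep_uid(value):
    """Approximate caseIgnoreMatch preparation for uid (assumption: NFKC,
    case folding and whitespace collapsing stand in for full RFC 4518)."""
    folded = unicodedata.normalize("NFKC", value).casefold()
    return " ".join(folded.split())


def is_ia5(value):
    """memberUid is an IA5String: only 7-bit characters can be stored."""
    return all(ord(ch) < 128 for ch in value)


def audit(users, groups):
    """Return (kind, group, value) findings where the two syntaxes disagree.

    users  -- list of uid values taken from account entries
    groups -- dict of group name -> list of memberUid values
    """
    findings = []
    exact = set(users)
    by_folded = {}
    for uid in users:
        by_folded.setdefault(prep_uid(uid), []).append(uid)
        if not is_ia5(uid):
            # This account can never be named exactly in a memberUid value.
            findings.append(("uid-not-ia5", None, uid))
    for group, member_uids in groups.items():
        for member in member_uids:
            if member in exact:
                continue  # same answer under both matching rules
            if prep_uid(member) in by_folded:
                # A uid search finds the account; an exact compare does not.
                findings.append(("case-mismatch", group, member))
            else:
                findings.append(("dangling", group, member))
    return findings


# Constructed sample directory contents (hypothetical accounts and groups).
USERS = ["Alice", "bob", "zo\u00eb"]
GROUPS = {"wheel": ["alice", "bob"], "staff": ["carol", "Alice"]}

if __name__ == "__main__":
    for finding in audit(USERS, GROUPS):
        print(finding)
```

A "case-mismatch" finding marks a membership that one client may honour and another may ignore, depending on whether it compares the strings itself or resolves the name through a uid search.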