Re: Frontends to administer servers

[Markus Schabel <markus.schabel@tgm.ac.at>]

Dan Ros wrote:
> > -----Original Message----- From: Adrian 'Dagurashibanipal' von
> > Bidder
> > (personal note: I'd not use mysql, but postgresql instead. YMMV.)
> >
> > Generally: use whatever technology you know already. This means I
> > have a heavy anti-LDAP bias, but I know SQL quite well. For others,
> > this may mean that they'll use LDAP since they know how to set it
> > up and run it.
> >
> > I think for what you want, both technologies can be used without
> > big problems, so it really comes down on how much time do you spend
> >  learning the tools. (As for authentication: yes, there are many
> > LDAP backends for server applications. But there are many sql
> > backends for server applications, too.)
>
>
> I am also trying to decide between ldap and [my]sql for a centralised
>  authentication and management system.
>
> Seems to be that on the plus side for ldap, it has fairly mature
> application interfaces and pre-existing data structures for things
> like bind zonefiles. On the minus side i don't know anything about it
> and it may be inflexible.

on the plus side you can also add the simplicity of database
replication and that you can use your ldap user directory also for your
mail clients (addressbook).

> Mysql has the obvious advantage that coding up a php interface to it
> all is very easy and I can write scripts to grab data out of the
> database and create local config files from that.

there's no difference to LDAP. the php-ldap interface is pretty good and
well documented, the perl interface is also good, and it's no problem
to generate all things you like out of ldap.

> On the minus side thats prone to flakiness and inconsistencies and
> the pam_mysql module is woefully devoid of nss support and some other
> nice features.
>
> I'm wavering towards the path of putting a bit of time in to learn
> LDAP and going for a proper solution (instead of bunch-of-scripts
> mysql solution) which should be more extensible and scalable in the
> long term. Personally though I don't see why LDAP is any better than
> a properly constructed database, other than the application
> interfaces that already exist.

i guess there must be some reason why eDirectory, ADS and Domino use
LDAP ;-)
I personally like the replication process and ldap _is_ optimized for
search access. LDAP authentication and other things (mail aliases, ...)
are pretty easy to implement in almost any software...

best regards
--
          \\\ ||| ///                               _\=/_
           (  @ @  )                                (o o)
+--------oOOo-(_)-oOOo--------------------------oOOo-(_)-oOOo------+
| Markus Schabel      TGM - Die Schule der Technik   www.tgm.ac.at |
| IT-Service          A-1200 Wien, Wexstrasse 19-23  net.tgm.ac.at |
| markus.schabel@tgm.ac.at                   Tel.: +43(1)33126/316 |
| markus.schabel@members.fsf.org             Fax.: +43(1)33126/154 |
| FSF Associate Member #597, Linux User #259595 (counter.li.org)   |
|        oOOo        Yet Another Spam Trap:     oOOo               |
|       (    )    oOOo    yast@tgm.ac.at       (   )     oOOo      |
+--------\  (----(   )--------------------------\ ( -----(   )-----+
          \_)     ) /                            \_)      ) /
                 (_/                                     (_/

Computers are like airconditioners:
  They stop working properly if you open windows.