[OpenAFS] Ldap & AFS

Tim C. tim@umbc.edu
Fri, 11 Oct 2002 21:16:24 -0400 (EDT)


> I thought about this and it was discussed at the LISA 2002 AFS workshop
> but the consensus seems to be that although it would not be extremely
> difficult to modify pts (I was looking at milko pts btw) most people
> would be able to do what they need to do (usually some kind of account
> synchronization) if pts allowed for storing some kind of extra metadata
> along with the principal. For instance if you could stick the LDAP dn
> in the pts record indicating both that the entry has been synchronized
> with the directory and also indicating the equivalence. Maybe you need
> some kind of timestamp-thingy as well.
>
  Unfortunately I was unable to attend the conference.  However, I do have some
opinions on this. :^}  Having the pts information stored in an LDAP server
would provide a significant benefit.  One is the ability to integrate with a
larger system.  We have spent a significant amount of money building a
replicated ldap server setup.  It would be great to be able to use that to
control the AFS pts information.  Also it would be very helpful to have all the
information in one place.
  You mentioned that it would suffice to store a dn in the pts entry, however
that still requires that you have to create both entries.  However, if it was
in LDAP, then you would only have to create one entry.  This would also make
use of all of the interfaces out there already for Ldap.
  You've already stated that it shouldn't be too difficult to make ldap be used
for the pt database, but the pt database couldn't be used for account
management.  So it might be a good option to look farther into.  Maybe not
necessarily as a default (cause some people don't want to have to have an ldap
server ;), but it would be good as an option.

Just my two cents.  Anyone else agree, disagree, have other ideas on this?

Tim

-----------------------------------------------------------------------
Tim Craig		These are my opinions and not my employers. :)
OIT-Systems	&	Imaging Research Center
tim@umbc.edu		It's hard to be serious when you're
			naked. - Garfield
-----------------------------------------------------------------------