Koozali.org: home of the SME Server
Legacy Forums => Suggestions => Topic started by: Joe Frost on February 26, 2001, 05:25:41 PM
-
Hi,
I've just been looking at E-Smith 4.1.1 after downloading the CD image and installing. I'm very impressed.
Around six months ago I went through a similar exercise and ended up with my own version of E-Smith (I wasn't aware of E-Smith at the time) built from hand picked pieces of open source software running on RedHat 6.2
I very much like the idea of E-Smith and it's simple install and configuration but it lacks some of the features of my own system and this makes E-Smith less effective in the enterprise.
One of the best things about LDAP is that you can have single usernames and passwords distributed throughout all of your LDAP capable servers in the enterprise either replicated locally or simply pointed to another server.
I've looked at the data held in the E-Smith directory and it's clear that this is only intended for address-book style uasge and that the system employs a shadow password type method.
I'm aware that there are compromises when using LDAP for authentication such as Samba having to use plain text passwords unless you maintain a separate smbpassword file (E-Smith appears to do this anyway).
But to my mind the advantages of being able to maintain a single username/password for all services for each user throughout the organisation are enourmous.
Is there any intention to add this to a future release?
If so then I will certainly replace our Netware, NT, and hand-made Linux servers with E-Smith.
Thanks for the excellent product.
Joe Frost
IS Engineer
Omnis Software Ltd
-
Joe Frost wrote:
> One of the best things about LDAP is that you can have single
> usernames and passwords distributed throughout all of your
> LDAP capable servers in the enterprise either replicated
> locally or simply pointed to another server.
...
> Is there any intention to add this to a future release?
It is something that I am quite interested in building into a future release. However we are accumulating an extensive wish list, but still have only limited development resources.
Priorities in the TODO list are, of course, adjusted according to the wishes of our customers and partners.
Regards
Charlie
-
To use the LDAP services as the central authentication database will be the real MS-backoffice/Exchange killer for e-smith. Also security-key management should be done by LDAP! Please move the LDAP up in the prioritylist.
Fred
-
I have to agree. LDAP as a central password database makes sense for E-Smith. First, it is already there and ready to be used. Second, many of the services (Apache, Qmail, Proftpd) E-Smith uses already have ldap support for them, allowing for very robust virtual domain configurations. Third, the PAM and NSS modules for LDAP have been tested and used in production envroments for some time so there no question about the stability of such services. Forth, many of the portal/group systems have, or intend, to support LDAP for account information. Even Samba is on the LDAP bandwagon. I'd love to see LDAP in the next feature release of E-Smith.
Nathan Sain
Deer High School IT Dpt.
Deer AR