[rhelv6-list] LDAP without the cruft

William Hopkins we.hopkins at gmail.com
Fri Jul 19 14:43:43 UTC 2013


On 07/19/13 at 01:55am, Bryan J Smith wrote:
> William Hopkins <we.hopkins at gmail.com> wrote:
> 
> Both are not remotely as effective as something that uses the pre-existing,
> message passing in the kernel and device layers, let alone looks at sockets
> to ... gasp ... verify if a service is actually running.  It's also going
> to finally standardize monitoring tools, instead of a lot of different
> solutions out there that "poll" things (quite inefficient).

I pretty much discount anyone who uses "gasp" as a rhetorical device. You're
also pretty naïve if you think whatever you're talking about will be the silver
bullet for standardization.
 
> More on the system security side, SSSD finally updates some very, very
> legacy and aged, disparate modules, and vastly improves them.  E.g., in
> its LDAP modules, SSSD actually uses more updated OpenLDAP client libraries
> than some of the older ones (some are way out of compliance too).

This is a good point. Shame that things like nss-pam-ldapd will gain so much
acceptance because they're fixing problems, forcing others to live with the
poor engineering decisions they've made. I don't really enjoy the choice I'm
presented with between outdated systems or new, poorly designed ones.
> 
> Even many in the Debian world have a lot of praise for SSSD.  I know many
> Ubuntu users who don't want to go back.  ;)

Interesting community to highlight, given Ubuntu-ers are the laziest Linux
users anywhere. I don't begrudge them their pretty and automatic 'don't think
about it' interfaces, but I will resist any efforts to bring them to the server
world. 

> > philosophically they don't line up with the UNIX/Linux mindset.
> 
> 
> And probably the second most over-stated falsehood.  This was also stated
> when System-V like init came about during UNIX standardization efforts in
> the '80s and early '90s.  And then it was stated again when people were Red
> Hat "pushing SysV-init on everyone" in the later '90s.

"people complained before and were wrong.. they must be wrong now"
I'm not afraid of change. I am arguing that these systems are poorly designed
and make system administration more difficult. I do not need to run SSSD,
NSLCD, NSCD, D-BUS, upower, udisks, etc. etc. etc. just to have a vanilla
system. Some systems are worse than others (gconf is especially a horror from
the depths), but nonetheless the new method of running software to add layers
of abstraction that then become hard requirements because everyone assumes
they'll be present is totally off base and disconnected from the open-world
mentality of Linux.
 
> Unfamiliarity bothers a lot of people.  But most of the "common arguments"
> are actually falsehoods that have no basis in UNIX history, only UNIX
> assumption.  ;)

I'm not surprised any longer that people in IT tend to be very bad at arguing;
we all have big egos. But you should be aware that this sentence takes your
conclusions as assumed fact, and paints anyone who disagrees as near-luddites
afraid of change and unfamiliarity. It's pretty rude. 

-- 
William