Hey there,

> 
> Important Notes
> 
> - Experimental - Early-stage project, APIs may change
> - Read-only - No write operations yet

I think we should never allow write operations. LLMs are statistically 
plausible sentence generators, not intelligent beings with context and 
understanding.

There are already far too many cases where "LLM Agents" have destroyed people's 
data and systems when given write access.

Given the critical nature of LDAP in many environments, I would be extremely 
against any kind of write functionality in this given the high risks 
associated. 

If write access is to be developed, it should be feature gated behind a safety 
switch, and default to "false" (aka read-only by default). 

> - Privacy mode - Set LDAP_MCP_EXPOSE_SENSITIVE_DATA=false to anonymize output

Privacy should be the default IMO, especially given how LLMs may harvest data. 

> - Plain text passwords - Use restrictive file permissions on config files
> 
> Feedback
> 
> I'd love to hear your thoughts:
> - What diagnostics would be most useful?
> - What operations would you want AI assistance with?

Honestly? I don't think we should have MCP anywhere near 389-ds. I know that 
you will have worked a lot on this, and I'm sure there was a "business reason" 
your employer probably wanted you to implement this for.

But as I have said - LDAP is a high value, important, and critical piece of 
infrastructure in many environments. If LDAP stops - the business stops. 

To have an MCP/LLM trying to "summarise and advise" about how one of the most 
critical pieces of software in an environment works seems like a recipe for 
disaster.

As a former sysadmin, I would not want MCP anywhere near systems. Systems 
require insight, understanding, and thought to manage. Systems do not need 
"statistically plausible sentence generators". 

There are many ways we can make LDAP and 389-ds easier and more accessible to 
administrators, to assist them with understanding the state of their systems. 
But MCP/LLMs are not it. 

> 
> GitHub: https://github.com/droideck/ldap-assistant-mcp
> Issues: https://github.com/droideck/ldap-assistant-mcp/issues
> 
> References:
> - Model Context Protocol: https://modelcontextprotocol.io/introduction
> - FastMCP: https://gofastmcp.com
> - lib389: https://pypi.org/project/lib389/

-- 
Sincerely,

William Brown

Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
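
Added example, not part of the email above and not code from the ldap-assistant-mcp project: a minimal Python sketch of the two defaults the reply asks for, a write switch that is off unless explicitly enabled and output that is redacted unless exposure is explicitly enabled. `LDAP_MCP_ENABLE_WRITES`, `READ_OPS`, `SENSITIVE_ATTRS` and the `Policy` class are hypothetical names; only `LDAP_MCP_EXPOSE_SENSITIVE_DATA` appears in the quoted announcement, and treating it as off when unset is this sketch's assumption.

```python
import os

# Only these spellings switch a flag on. Unset, empty or mistyped values
# ("ture", "enabled?") all resolve to the safe state.
_TRUE = {"1", "true", "yes", "on"}

WRITE_SWITCH = "LDAP_MCP_ENABLE_WRITES"           # hypothetical name
EXPOSE_SWITCH = "LDAP_MCP_EXPOSE_SENSITIVE_DATA"  # named in the announcement

# Allowlist of read operations: anything not listed counts as a write.
READ_OPS = {"search", "compare"}
# Constructed sample list of attributes to treat as sensitive.
SENSITIVE_ATTRS = {"userpassword", "mail", "telephonenumber"}


def flag(env, name):
    """Fail closed: True only for an explicit, recognised 'on' value."""
    return env.get(name, "").strip().lower() in _TRUE


class Policy:
    def __init__(self, env=None):
        env = os.environ if env is None else env
        self.allow_writes = flag(env, WRITE_SWITCH)
        self.expose_sensitive = flag(env, EXPOSE_SWITCH)

    def check_operation(self, op):
        """Raise unless op is a known read or writes were explicitly enabled."""
        if op.lower() not in READ_OPS and not self.allow_writes:
            raise PermissionError(f"{op!r} refused: {WRITE_SWITCH} is not enabled")

    def filter_entry(self, entry):
        """Return a copy of entry with sensitive values redacted by default."""
        if self.expose_sensitive:
            return dict(entry)
        return {
            attr: "<redacted>" if attr.lower() in SENSITIVE_ATTRS else value
            for attr, value in entry.items()
        }
```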

-- 
_______________________________________________
389-users mailing list -- [email protected]