On 1/17/06, Paul Lussier <[EMAIL PROTECTED]> wrote:
Thomas Charron <[EMAIL PROTECTED]> writes:
> He doesn't want 2 domains. He wants 1.
Then he can't do what he wants. What's the problem with two domains?
Technically, they're *sub* domains, and for all intents and purposes,
he manages them as one. The users have no clue what domainn their in,
nor do they care.
*shrug* Only Kenny can answer that one. I'd imagine for the lazy sysadmin, it's easier..
>> > The reason for this is that people will travel between here and
>> > there quite often,
>> Yeah, so. Just set the ACLs up to allow anyone in 'ou=*, ou=corp,
>> dc=foo, dc=com' access to whatever you want everyone to access.
> That would work, but still require maintaining two seperate directories.
> Seems it'd be much easier to just have one and replicate the LDAP server.
This statement seems to indicate a fundamental lack of knowledge of
LDAP, hierarchical design, and, well, just about everything else we're
talking about here.
... One of the, what I assumed was major, requirements was that the authentication information would not need to be transmitted over the wire every time they log in. One would assume without some sort of ESP module, that there would need to be an LDAP server in both locations....
Thomas
