[Info-vax] : AUTHORIZE Enhancement

Kerry Main kemain.nospam at gmail.com
Wed Nov 30 22:21:41 EST 2016 

> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf
> Of Stephen Hoffman via Info-vax
> Sent: 30-Nov-16 5:41 PM
> To: info-vax at rbnsn.com
> Cc: Stephen Hoffman <seaohveh at hoffmanlabs.invalid>
> Subject: Re: [Info-vax] : AUTHORIZE Enhancement
> 
> On 2016-11-30 02:06:30 +0000, Kerry Main said:
> 
> > You do not have to replace MS AD - simply integrate with it
just
> like
> > any other Directory ...
> 
> That's the theory, certainly.   Most sites will integrate LDAP
clients
> with Microsoft Active Directory or their chosen directory
> platform, and
> won't attempt or variously won't allow heterogeneous LDAP
> servers.
> For various and often very good reasons, too.   Though some
> folks do
> use more complex configurations, including hosted LDAP:
> https://azure.microsoft.com/en-us/services/active-directory/
> But for
> most places, the chances of getting permission to bind some
> "random"
> LDAP server such as OpenVMS Enterprise Directory with the local
> Microsoft Active Directory configuration is... low.
> 

Not true - there are many Windows-UNIX shops that have AD and the
equivalent UNIX directory integrated because neither side trusts
the other side.

> The other boxes I work with require couple of mouse clicks and
a
> password and the client is bound to the directory, or push a
few
> commands or an install-time script and bind that way.  Setting
up
> and launching the base-OS-integrated LDAP server is about as
> difficult, too.
> 
> For some sites, OpenVMS can play a (more) central role in
> authentication...   But for many of the sites I deal with,
OpenVMS
> needs to (easily) coexist, and to operate with the fewest added
> configuration requirements.
> 

I do agree there needs to be lots of work to better integrate ED
and LDAP on OpenVMS. 

Imho, while the priority for V9 is getting to X86-64, a big post
V9 enhancement should look at LDAP/ED SSO and resource management
integration.

Good news is that a number of cross platform 3rd party LDAP and
IdM add-ons are 100% Java based and apparently will integrate
easily with any LDAP V3 directory, so likely would not take a
large amount of effort to fast track some of these solutions.


Regards,

Kerry Main
Kerry dot main at starkgaming dot com

More information about the Info-vax mailing list