[lpi-discuss] General comments on LPI levels

Etienne Goyer etienne.goyer at videotron.ca
Mon Sep 19 13:31:40 EDT 2005

I think you are getting carried away quite a bit, sir.  Cool down a 
little.  Nobody here is advocating against Linux or Freedomware.  Simply 
stating that, well, there's a lot of ADS around does not equal to "free 
marketing" for Microsoft.  Nobody said it is the only thing either, or 
that it should be favored in LPI exam.  Stating that OpenLDAP is 
currently the standard on Linux does not equale to a failure to 
recognize NsDS exist.  And lastly, WTF does winbind and Samba have to do 
  with the subject at hand ?

You are clearly misrepresenting my words here.  I doubt you have a 
reading comprehension problem, so I wonder why are you building such a 

Bryan J. Smith wrote:
> On Sun, 2005-09-18 at 14:08 -0400, Etienne Goyer wrote:
>>Like it or not, OpenLDAP is bundled with pretty much every distribution
>>*today*, and currently power most directory running on Linux.
> I never said we shouldn't include something on OpenLDAP.
> I just said that it's not the _only_ option.
> Now that Red Hat is GPL'ing the former NsDS product, I'm sure it will
> quickly gather adoption.
>>Discussing which DSA to test in LPI is totally pointless anyway.  This
>>test is not about enterprise directory service, it's about Linux.  A
>>working knowledge of LDAP and how to configure PAM and nsswitch LDAP is
>>what should be tested.
> As several mentioned, LPIC-3 is _definitely_ a target for network
> authentication, directory, file and naming services.  And setting up a
> system as a client for those services _might_ be a lower-level
> objective.
> Even Microsoft includes ADS in the MCSA track.
> Sun also includes client setup as part of the SCSA.
>>Totally OT, but I doubt the wisdom of that.  Fixing the shortcoming of
>>OpenLDAP would have costed much less than 20M$ in manpower.
> Very poor assumption.  A lot of RHEL customers (myself included) were
> hoping Red Hat would buy NsDS from AOL-Netscape.
> Understand Red Hat announced it was moving forth on a lot of
> "enterprise" initiatives.  Their initial work was putting a _lot_ of
> people on OpenLDAP.  They finally decided that it was cheaper and faster
> to purchase it outright from AOL-Netscape, and get going now
> OpenLDAP has a lot of shortcomings -- shortcoming that NsDS has never
> had.  This includes a standard certificate service, peer replication and
> peer synchronization with ADS.  Things that are severely lacking in
> OpenLDAP solutions.
>>Right now, Linux <-> ADS is one of the most sought-after skill for Linux
> And why is that?  Maybe it's because companies are having trouble with
> their ADS back-end.  And if you'd stop to educate them on a peer
> directory service that would _remove_ the "reliability" issue from the
> back-end for non-Windows platforms, you might even be more "sought-
> after."
> Sometimes the "most sought-after" skills are the ones your client
> doesn't recognize.  I've gone into pitches and provided proposals where
> the client didn't realize _all_ their options.  Especially the swiss
> cheese holes in an ADS back-end that left a lot of their enterprise out
> as orphan leaves.
> So far, NsDS is the *ABSOLUTE*BEST* way to do it!
> I've seen Samba over-quoted like it's the "ultimate directory service"
> and it is _not_ a directory service.  Samba is a Windows client
> solution, with only a minor capability for UNIX clients.  In fact, part
> of the problem why Open Source integrations _fail_ is because people
> over-pitch Samba.
> And part of that reason is because they do _not_ understand that
> enterprise services aren't an "unified directory" service -- but a set
> of services that are complementary.  Even ADS is that way itself.
>>Face it, Windows rule the world.
> On the desktop?  Yes.
> On the server?  No!  No!  NO!  They do _not_!
> Stop asserting this as fact!  It is _not_ true at all!
>>We can't pretend it does not exist.
> I _never_ said that.  But to you, it's the _only_ thing it seems -- or
> the only thing that matters.  I will _strongly_disagree_ with you as a
> professional who regularly runs into other Linux professionals like
> yourself, who has not actually rolled out anything but ADS.
> Do _not_ assume you are _not_ talking to a _current_ MCSA/MCSE with
> several specialties (including "Security", which is a joke, don't get me
> started).  I've worked on trees at Fortune 20 companies.
> Lastly, I tire of these debates, because _you_ are providing Microsoft
> with "free marketing" because you are not aware of what many enterprises
> do.  What you assert is simply _not_ true!  And it is enfuriating to
> see.
> Now I'm sure you're going to label me as a "jerk" and "mean spirited"
> now, just like so many people do.  But I'm sorry, when someone doesn't
> see any other options -- I just have to put my foot down, even if I'm
> the only guy doing it.  And I don't mind being the sole minority on such
> a position either.
>>On the other hand, I do not understand all the ruffus about the subject.
> Because you are focusing on an assumed _lie_ because of the popular
> media that caters to Microsoft, and believe only Novell offers another
> option, and OpenLDAP is the only other solution out there -- which you,
> among others, dismissed for various reasons -- reasons that do _not_
> plague NsDS, and haven't in years prior.  That is largely why Red Hat
> finally just acquired NsDS for _all_ distros to use, under the GPL.
> A Linux Professional examination should focus on Linux solutions at a
> level that is _at_least_ the "peer" level with proprietary solutions.
> Just because you believe that ADS is the _only_ solution is merely _not_
> true for a -- even if minority -- number of enterprise architects like
> myself.
> In the next round of objectives -- even if Level-3, although client-side
> things for Level-1/2 -- the objectives should focus on the real
> availability of GPL network authentication, directory, file and
> authentication services that are now becoming available.  It can be
> generic enough to apply to several at the foundation, but we have to
> account for the availability of NsDS now.
> And not just provide Microsoft with free marketing where our exam favors
> their directory service.
>>From the Linux side of thing (most likely, what LPI would test), the
>>DSA is pretty much irrevellant.  Except for a kink or two, configuring
>>Linux to authenticate against ADS or OpenLDAP (or NsDS, or NDS) is
>>practically the same thing.
> Depends on what you are testing on and how.
> But no, they _are_ very different in many cases.
> Winbindd is _not_ quite as "native."
> Most people will want to take the proposed LPIC-3 Samba exam, it can go
> there.
> A native Linux LPIC-3 network authentication, directory, file and name
> server exam can be its own as well.
> As far as the lower level objectives, they should be limited to PAM,
> NSSwitch and basic client configuration files.  These are _not_ the
> realm of ADS for the most part.

More information about the lpi-discuss mailing list