Jeff,
Clowser, Jeff (Contractor) wrote:
While I agree with what people are saying about the negatives of SSS and poor design [..] the problems I face are:
- Most other LDAP server choices implement it (I think Sun/Red Hat,
Microsoft, Novell, Oracle, etc all support this control, so OpenLDAP stands out by not having it).
- Since it's so commonly implemented, developers tend to expect it to
be there, and write code that uses/depends on it.
So... I'm kinda stuck with it as a requirement, and justifying why people have to rewrite apps (or in the case of COTS apps, possibly breaking them with no option to fix/rewrite) becomes a pretty hard sell.
You're doing an evaluation for your customer. Being in this position I'd recommend to...
1. ask the customer which client application he's deploying and whether SSS is a MUST requirement for the applications. Discussing this can be sometimes hard if the customer does not have a clue about what he really wants. But you're doing consulting, yes? So it's your job explaining it. ;-)
2. watch out how it is actually implemented in the other server products and which problems arise in real-world deployments (refer to discussion boards of the other vendors for that). This can be somewhat enlightening. ;-)
I just have to identify it as not meeting one of many requirements. How important that requirement is in the overall picture is yet to be seen.
During evaluation you have to weigh each and every requirement. Ask your customer for the weight of this particular requirement. For my customers this feature was most times not important after all. Though everybody asks for it.
Ciao, Michael.