Clowser, Jeff (Contractor) wrote:
While I agree with what people are saying about the negatives of SSS and
poor design [..] the problems I face are:
1. Most other LDAP server choices implement it (I think Sun/Red Hat,
Microsoft, Novell, Oracle, etc all support this control, so OpenLDAP
stands out by not having it).
2. Since it's so commonly implemented, developers tend to expect it to
be there, and write code that uses/depends on it.
So... I'm kinda stuck with it as a requirement, and justifying why
people have to rewrite apps (or in the case of COTS apps, possibly
breaking them with no option to fix/rewrite) becomes a pretty hard sell.
You're doing an evaluation for your customer. Being in this position I'd
1. ask the customer which client application he's deploying and whether
SSS is a MUST requirement for the applications. Discussing this can be
sometimes hard if the customer does not have a clue about what he really
wants. But you're doing consulting, yes? So it's your job explaining it. ;-)
2. watch out how it is actually implemented in the other server products
and which problems arise in real-world deployments (refer to discussion
boards of the other vendors for that). This can be somewhat
I just have to identify it as not meeting one of many requirements.
How important that requirement is in the overall picture is yet to be
During evaluation you have to weigh each and every requirement. Ask your
customer for the weight of this particular requirement. For my customers
this feature was most times not important after all. Though everybody
asks for it.