> -----Original Message----- > From: Adrian 'Dagurashibanipal' von Bidder
> (personal note: I'd not use mysql, but postgresql instead. YMMV.) > > Generally: use whatever technology you know already. This > means I have a > heavy anti-LDAP bias, but I know SQL quite well. For others, this may > mean that they'll use LDAP since they know how to set it up > and run it. > > I think for what you want, both technologies can be used without big > problems, so it really comes down on how much time do you spend > learning the tools. (As for authentication: yes, there are many LDAP > backends for server applications. But there are many sql backends for > server applications, too.) I am also trying to decide between ldap and [my]sql for a centralised authentication and management system. Seems to be that on the plus side for ldap, it has fairly mature application interfaces and pre-existing data structures for things like bind zonefiles. On the minus side i don't know anything about it and it may be inflexible. Mysql has the obvious advantage that coding up a php interface to it all is very easy and I can write scripts to grab data out of the database and create local config files from that. On the minus side thats prone to flakiness and inconsistencies and the pam_mysql module is woefully devoid of nss support and some other nice features. I'm wavering towards the path of putting a bit of time in to learn LDAP and going for a proper solution (instead of bunch-of-scripts mysql solution) which should be more extensible and scalable in the long term. Personally though I don't see why LDAP is any better than a properly constructed database, other than the application interfaces that already exist.
