[Fedora] Re: LDAP vs. NIS+

Aly Dharshi aly.dharshi at telus.net
Tue Nov 15 15:53:19 UTC 2005


Hello Ashley,

	I hope that you are well. Join the mailing list for Fedora Directory Server, 
they are extremely helpful over there, with RedHat engineers on the list, you 
can't go wrong. There is a GUI that should be able to make your life easier 
(creating accounts and such) and this product is similar to Sun's DS, *but* not 
exactly the same.

	LDAP does look daunting at first, but it can do a wide variety of things that 
you would find very tedious and painful in NIS/NIS+; Craig White has outlined 
some of the most interesting issues. Unless I am wrong you want a centralized 
account management system, if so LDAP will certainly help. Whatever you can 
set up in NIS+ you can in LDAP: ethers, hosts, passwd, groups. Heck, with Sun OS 
you can set up a NIS+ system that interacts with a backend LDAP server. You will 
find that Sun is going to support NIS+ for people like my company for a little 
while longer before we find that it's going to go away and a rush migration will 
take place.

	Also ask questions on the FDS mailing list, you will find that people are 
willing to help newbies, and there are tons of Howtos on the wiki site. 
OpenLDAP is good too, but I would side with FDS as it's bound to one day become 
the default in Fedora over OpenLDAP (my opinion). So try it out on a test 
server with a test client, make the system go, see how you can tweak things 
to suit your taste buds. This isn't going to be something that you will get perfect 
overnight, but you sound dedicated so it won't take a long long time :) :).

	Cheers,

	Aly.

Ashley M. Kirchner wrote:
> Aly Dharshi wrote:
> 
>> Fedora Directory Server is a good free piece of software that will 
>> play nicely on Fedora, Sun and any LDAP compliant system.
> 
> 
>    Just from reading the first few pages of the Documentation [at 
> http://directory.fedora.redhat.com/wiki/Documentation], I get the 
> overwhelming feeling this might be way overkill for what I want (not to 
> mention way over my head as well.)  Then again, I have never done 
> anything with LDAP, I don't understand it, and don't really know what 
> its potential is.  So perhaps I need to track back a bit here and ask 
> for some guidance.  What IS LDAP and what can it do for me?  Is that 
> really what I want to use considering what I want to accomplish 
> (hopefully this comes out and doesn't get mangled):
> 
>                           [ accounts server ]
>                                    |
>                                    |
>        +---------------------------+-------------------------+
>        |                           |                         |
>        |                           |                         |
> [ www server ]  <- NFS ->  [ shell server ]  <- NFS ->  [ mail spool ]
> 
> 
>    With the 'accounts server' being the one machine where user accounts 
> are managed.  The www and mail servers just need to know the UID/GID (I 
> think) to function properly, like being able to save files with the 
> proper permissions.  And the shell server is the one everyone uses to 
> log in on, keep their files and do whatever.
> 
>    So, with my limited amount of understanding, I think what I need is 
> www and mail being able to replicate the users' permissions based on the 
> accounts server, and the shell server being able to authenticate against 
> the accounts server.
> 
>    (I don't even know if I'm using the correct terms here, so if I'm 
> not, feel free to correct me.)
> 
>    Tell me Fedora Directory Server isn't overkill, and I'll shut up and 
> continue reading.  Tell me LDAP is really what I want to use here, and 
> I'll go spend the next several weeks trying to figure it out and learn 
> the whole thing - if that's even possible.
> 

-- 
Aly S.P Dharshi
aly.dharshi at telus.net

	 "A good speech is like a good dress
	  that's short enough to be interesting
	  and long enough to cover the subject"



