[K12OSN] directory services in a linux centric cross platform workstation environment

Conrad Lawes pxeboot at gmail.com
Fri Apr 17 18:20:43 UTC 2009


I'm not usually one to stick up for Microsoft, but when it comes to various
implementations of LDAP, Microsoft has implemented the most user-friendly
and intuitive directory service on the market today. I can't comment on
Macintosh Open Directory; however, I am fairly knowledgeable about OpenLDAP
since I have deployed and administered it for 3 years before migrating to
Active Directory. It took me over 2 weeks to fully configure OpenLDAP for
my needs. I really wish the Linux community could develop tools to make
OpenLDAP easier to deploy and manage. Novell's Suse NDS is very robust and
stable but is very difficult to deploy.

Xandros Linux <http://www.xandros.com/products/server/overview/whatsnew.html> is
the only distro I found that shields the newbie system admin from all the
grunt work involved in OpenLDAP.
I have been waiting for Samba 4 since 2005 and still no sign of it. The
smbldap-installer <http://majen.net/smbldap/> tools that make it easy to
deploy OpenLDAP are now orphaned.

There are many commercial products that allow seamless integration between
Linux and Mac clients and Active Directory. If cost is a factor, then check
out LikeWise Open <http://www.likewise.com/products/likewise_open/index.php>.
It's free and supports Linux and Mac clients. IMHO, AD is now the de facto
standard for directory services.




On Thu, Apr 16, 2009 at 5:01 PM, Bob Mead <bmead at lane.k12.or.us> wrote:

>
>
> Hoover Chan wrote:
>
> re: huge .profile directories slowing things to a crawl
>
> I experienced that but ran out of time to figure it out to a satisfactory conclusion. A pointer to how to solve it?
>
>
>
>  I wrote a blog post on how to fix these here.<http://blogs.slane.k12.or.us/tsc/2009/03/13/understanding-%E2%80%A6-them-work-toounderstanding-roaming-profiles-and-making-them-work-too>
>
> I echo TP's sentiment, that you are on the right foot to stay away from AD.
> I am going to check out the Fedora/RedHat solution as our ldap server is
> aging and could probably use an update. For now, we are just using a
> standard openLDAP implementation with samba on linux servers of various
> flavors.
>
>  re: planning to use ltsp as the core of the new directory service
>
> No, I'm not planning to do that but thought that the collected audience here would be knowledgeable and sympathetic toward a FOSS solution to this rather than resorting to buying a Windows Active Directory or Apple Macintosh Open Directory server.
>
> Most of the workstations and laptops here on the academic side of the house are Macintoshes. Easily about 85% of our campus are Macs. The remaining are Windows for the administration (we use something called Blackbaud for administrative computing which is Windows specific). I have one Linux workstation...
>
> Thanks.
>
> --------------------------------------------------
> Hoover Chan                     chan at sacredsf.org
> Technology Director
> Schools of the Sacred Heart
> 2222 Broadway St.
> San Francisco, CA 94115
>
>
> ----- "Bob Mead" <bmead at lane.k12.or.us> wrote:
>
>
>
> We use openLDAP as our main authentication tool. Our school is mostly
> win-doze desktops with some macs, yet our server infrastructure is
> mainly linux. We have only two win servers (required for a few specific
> apps). All of our clients (some 1300+ computers district-wide)
> authenticate through the LDAP server. I wasn't here for the build out,
> but I can say that it works. For our win clients we have samba to serve
> win-style shares and we use roaming profiles to allow transparency on
> the network. The problem we have is that our users tend to generate huge
> .profile directories and this slows down the login process to a crawl
> [or worse]. Once we fix that - it works seamlessly. As a side note, even
> our ltsp terminals and servers use the ldap server to authenticate.
>
> Upon re-reading your post below, are you trying to build an ltsp server
> that is also your main openLDAP authentication server (in lieu of an AD
> or other auth. server)? If this is so, then I would guess that your
> installation is going to be somewhat complex.
>
> HTH
>     ~bob
>
> Hoover Chan wrote:
>
>
> The subject line is quite a mouthful but that's pretty much the
> question I'm mulling over right now.
>
> I've been bombarded by proponents of Active Directory for Windows
> and Open Directory for the Macintosh with all the different neat
> network applications that become easy to implement and manage if only
> I switch the servers to the appropriate platform. Does anyone here
> have a mostly Macintosh and Windows workstation environment that
> integrates well with an OpenLDAP type Linux centric server? If so, how
> hard is it to build?
>
> A lot of my colleagues at different schools locally seem to come
> from using AD as their core directory service and then "bend"
> everything to adapt to that. I'd hate to be forced into building a
> Windows server just for AD...
>
>
>  Thanks in advance.
>
>
> --------------------------------------------------
> Hoover Chan                     chan at sacredsf.org
> Technology Director
> Schools of the Sacred Heart
> 2222 Broadway St.
> San Francisco, CA 94115
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>



-- 
Regards,
Conrad Lawes