Moving away from NIS. Options?

Chris St. Pierre stpierre at NebrWesleyan.edu
Fri Dec 2 15:53:05 UTC 2005


Andrew--

Wow.  Your setup is even older than ours.

We're about 90% of the way along in a migration from NIS to LDAP, and
it's been mostly dreamy.  Linux, of course, plays *very* well with
LDAP, and newer Solaris (9 and 10) do as well, although they have more
required attributes.  We've never done it with HP-UX or older
Solaris. We do, though, have around 600-800 Mac and PC desktops
authenticating to LDAP, the Macs directly and the PCs through Samba;
setting up a simple LDAP-based PDC is pretty easy these days.

We've also tied a bunch of custom web applications we've written into
LDAP, since every language out there has APIs for accessing it.  We're
also looking into using LDAP for more than just authentication -- it
is, after all, a full-fledged directory.  Our network guy is looking
at using it for DHCP tables (allows us to easily have >1 DHCP server),
and we're planning a few other uses for it as well -- there's lots of
potential there.

I would suggest, however, staying away from OpenLDAP -- at least for
the time being.  If you're a very small shop, it would probably work,
but it lacks a lot of the manageability and feature set of most commercial
LDAP servers -- things like schema updating without a restart and,
best of all, multimaster, which makes load balancing a piece of cake.
We're using Sun's DS, and will probably continue to; they give crazy
academic discounts.  Red Hat's DS is forked from the same code, though,
so I'm sure it's just as nice, although quite a bit pricier for us.
Novell's eDirectory also looks very slick, with some pretty sweet
identity management features.

I'd be happy to talk more about our setup (and how we're radically
re-architecting it this coming summer) if you're interested.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

On Fri, 2 Dec 2005, Cannon, Andrew wrote:

>Hi All,
>
>We have an old (>8years) Sun box running SunOS 4.1.3 acting as our NIS
>server (NISv2 I think) and we would like to move away from using this
>system.  (We have no confidence that it will come back up if the power goes
>in the server room...) 
>
>The *nix network is a mixed Solaris (2.6->9), HP-UX and Red Hat (8->EL4)
>network with users logging in using X clients on their Windows boxes (either
>Exceed or XThinPro).  
>
>What are our options to replace NIS?  The person who set up our NIS server
>has left the company and I've got the job of looking into replacing this Sun
>box.  I'm thinking of LDAP, mainly because I think it does a similar thing
>to NIS and can integrate with a Windows network fairly well.  (I do stand to
>be corrected on this though).  Winbind would be an idea, if we didn't have
>the Solaris and HP boxes.  
>
>I've only just started to look into this problem, so I may know more in a
>few weeks when I've been through the HOWTOs on the LDP and Googled a bit
>more.
>
>If anyone has personal experience of doing this, then I would be grateful of
>any tips and pointers you could supply me with.
>
>TIA
>
>Andy