[CentOS] how many people still use NIS?

Ray Van Dolson rayvd at bludgeon.org
Fri Oct 1 17:57:35 EDT 2010


On Fri, Oct 01, 2010 at 02:47:09PM -0700, aurfalien at gmail.com wrote:
> 
> On Oct 1, 2010, at 2:16 PM, Steve Thompson wrote:
> 
> > On Fri, 1 Oct 2010, Craig White wrote:
> >
> >> As for OpenLDAP being a royal PITA, I suppose that's a matter of
> >> perspective because I've been using it for at least 7 years now and  
> >> it
> >> works for me without any problems whatsoever.
> >
> > Agreed. I have found that LDAP, in the guise of OpenLDAP, is not very
> > difficult at all once you have done your first setup, providing, as  
> > Craig
> > says, you take the time to understand why you're doing what you're  
> > doing
> > and you properly plan ahead. OpenLDAP also has excellent performance  
> > and
> > is as solid as a rock.
> >
> > Steve
> 
> Whats bizarre is the NIS/LDAP gateway that padl.com sells starting at  
> $1500.
> 
> I said screw it and just migrated over to OpenLDAP.
> 
> Didn't think it was a PITA but then again, all IT is a PITA so non of  
> it is if you catch my drift.
> 
> I mean if its all a PITA, then its not a PITA cuz PITA is PITA if  
> there is no PITA to compare to.
> 

What bites is if you already have a large AD environment in place along
with legacy NIS.

It's obviously not efficient to maintain two separate environments with
many of the same usernames...

AD does have "Unix Extensions" to expand their schema to make it more
friendly for use as LDAP.. but it's pretty limited really.  That and,
what if you have many legacy Unix clients that can only talk NIS
easily?

There are packages like LikeWise out there that can make this work
fairly well -- they even have a free version.

Lately I've been thinking of using something like Fedora Directory
Server to just sync up daily from AD and provide LDAP and NIS services
via some sort of shim to older Unix clients who can't handle LDAP.

Note that Samba 3.3.x integrates pretty well with AD via winbind.  If
you can get good external uid mapping going you can even preserve UID's
from your NIS environments.

It's definitely not as fast as NIS though as far as responsiveness...

Ray


More information about the CentOS mailing list