On Fri, Oct 01, 2010 at 02:47:09PM -0700, aurfalien@gmail.com wrote:
On Oct 1, 2010, at 2:16 PM, Steve Thompson wrote:
On Fri, 1 Oct 2010, Craig White wrote:
As for OpenLDAP being a royal PITA, I suppose that's a matter of perspective because I've been using it for at least 7 years now and it works for me without any problems whatsoever.
Agreed. I have found that LDAP, in the guise of OpenLDAP, is not very difficult at all once you have done your first setup, providing, as Craig says, you take the time to understand why you're doing what you're doing and you properly plan ahead. OpenLDAP also has excellent performance and is as solid as a rock.
Steve
What's bizarre is the NIS/LDAP gateway that padl.com sells starting at $1500.
I said screw it and just migrated over to OpenLDAP.
Didn't think it was a PITA, but then again, all IT is a PITA, so none of it is, if you catch my drift.
I mean if it's all a PITA, then it's not a PITA, because PITA is PITA if there is no PITA to compare to.
What bites is if you already have a large AD environment in place along with legacy NIS.
It's obviously not efficient to maintain two separate environments with many of the same usernames...
AD does have "Unix Extensions" to expand their schema to make it more friendly for use as LDAP, but it's pretty limited really. That, and what if you have many legacy Unix clients that can only talk NIS easily?
There are packages like LikeWise out there that can make this work fairly well -- they even have a free version.
Lately I've been thinking of using something like Fedora Directory Server to just sync up daily from AD and provide LDAP and NIS services via some sort of shim to older Unix clients who can't handle LDAP.
Note that Samba 3.3.x integrates pretty well with AD via winbind. If you can get good external uid mapping going you can even preserve UIDs from your NIS environments.
It's definitely not as fast as NIS though as far as responsiveness...
Ray
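As an added illustration of the winbind uid-mapping approach Ray mentions (this is not configuration posted by anyone in the thread): the smb.conf fragment below tells winbind to take each user's uid/gid from the RFC2307 attributes that AD's "Unix Extensions" (Services for Unix / Identity Management for UNIX) populate, so the values copied over from NIS are what clients see. The domain name EXAMPLE, realm EXAMPLE.COM and the id ranges are placeholders; the per-domain `idmap config` syntax shown is the form used in later Samba 3.x and 4.x, so check the idmap_ad(8) man page for the release actually deployed.

```ini
# Added example, not from the original thread. Assumes an AD domain
# "EXAMPLE" (realm EXAMPLE.COM) whose user objects carry the RFC2307
# attributes uidNumber / gidNumber / loginShell / unixHomeDirectory
# that the AD "Unix Extensions" schema adds.
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    security = ads
    kerberos method = secrets and keytab

    # Default backend for SIDs from domains without explicit mapping
    # (BUILTIN, trusted domains). Keep this range well clear of the
    # uid/gid values that were migrated from NIS.
    idmap config * : backend = tdb
    idmap config * : range = 2000000-2999999

    # Our own domain: read uidNumber/gidNumber straight from AD instead
    # of allocating them locally, so NIS-era UIDs are preserved and are
    # identical on every joined host. Accounts without a uidNumber in
    # AD, or with one outside the range, are simply not mapped.
    idmap config EXAMPLE : backend = ad
    idmap config EXAMPLE : schema_mode = rfc2307
    idmap config EXAMPLE : range = 1000-999999

    # Also pull shell and home directory from the RFC2307 attributes
    # rather than from the template_* settings.
    winbind nss info = rfc2307
    winbind use default domain = yes
    winbind refresh tickets = yes

    # Enumeration makes "getent passwd" walk the whole domain; leave it
    # off on anything with more than a handful of accounts.
    winbind enum users = no
    winbind enum groups = no
```

After `net ads join` and adding `winbind` to the passwd/group lines of nsswitch.conf, `id someuser` and `wbinfo --name-to-sid someuser` followed by `wbinfo --sid-to-uid <SID>` should return the uidNumber stored in AD; a uid in the 2000000+ range means the lookup fell through to the tdb allocator, i.e. the account has no (or an out-of-range) uidNumber and the migrated value was not used.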