[CentOS] how many people still use NIS?

Sun Oct 3 11:54:43 UTC 2010
Craig White <craigwhite at azapple.com>

On Sat, 2010-10-02 at 21:52 -0700, Iain Morris wrote:
> On Sat, Oct 2, 2010 at 7:29 PM, Craig White <craigwhite at azapple.com>
> wrote:
>         ----
>         This discussion completely ignores the fact that user
>         authentication is
>         just one of the many things LDAP does. If all you are going to
>         do with
>         LDAP is simple user & group management then you have a lack of
>         imagination.
> Not to stray much further off the subject, nor defend AD much further
> on the CentOS list, but AD does a lot more than user/group auth.  In
> fact it does everything in your list (DNS, mail access lists, etc),
> and quite a bit more out of the box. 
> Apple's Open Directory is a nice start, but pretty far behind in the
> race.  In fact if I had a 1000 Mac installation, I'd rather build an
> AD domain and extend the schema to include the Apple attributes and
> use WG Manager for the Macs.  I honestly believe Apple has put more
> engineering time into their AD plugin than their OD native interface.
> Believe me I'm no Microsoft enthusiast, but AD is a capable and mature
> product for the job.  Obviously for maximum flexibility stock MIT
> Kerberos and OpenLDAP win, but I think I'd be wasting a lot of time
> using them bare-bones when administrating a large multi-site
> organization.  Open-source is free, but it's definitely not free once
> you start spending your evenings combing mailing lists and debugging
> fringe issues that keep your business from meeting its goals.
AD yes, LDAP no

You have to go to different tools for everything...

Mail (routing/aliases) - Exchange
DNS  - Their DNS tool

I have no problem using OpenLDAP to setup/configure not only users but
also automounts for Linux/Macintosh users, central user/group
authentication and even share the home directories across the board
(Linux/Macintosh/Windows users so regardless of which system they use,
they have access to their same files). You aren't going to get that done
with Active Directory tools.

Active Directory provides a fairly decent configuration tool set for the
unimaginative administrator who wants to do everything the Microsoft way
but try extending AD's LDAP. If I had a large multi-site organization,
the last tool I would use is AD.


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.