[CentOS] how many people still use NIS?

Sun Oct 3 02:29:26 UTC 2010
Craig White <craigwhite at azapple.com>

On Sat, 2010-10-02 at 21:40 -0400, Tom H wrote:
> On Sat, Oct 2, 2010 at 9:02 PM, Iain Morris <iain.t.morris at gmail.com> wrote:
> > No one seems to like AD. I actually find it to be fairly manageable compared
> > to stock LDAP/Kerberos. The management tools blow OpenLDAP out of the
> > water. I laugh at myself saying it, but if you want simple management of a
> > big installation, AD is pretty dang tested these days and it's not hard to
> > integrate other systems in that environment if you have admin control of the
> > schema.
> 
> As long as we are recommending non-CentOS, non-Linux systems, I'd like
> to mention OS X Server as a good GUI, works-straight-out-of-the-box
> implementation of OpenLDAP...
----
This discussion completely ignores the fact that user authentication is
just one of the many things LDAP does. If all you are going to do with
LDAP is simple user & group management then you have a lack of
imagination.

It is a great disservice to suggest that AD tools 'blow OpenLDAP tools
out of the water' or Apple's GUI implementation of their fork of
OpenLDAP from several years ago are actually reasonable solutions. For
that matter, you should have also mentioned Fedora-DS, RedHat-DS,
FreeIPA which all use the previous Netscape Directory Server code that
Red Hat has worked to open source because those all share a functional
GUI.

There are also a number of very functional GUIs such as GoSA and
LDAPAdmin if you require such crutches, or, for that matter, a properly
configured LDAP & Samba configuration allows you to use Microsoft User
and Group Management tools anyway.

The reality is that LDAP was designed to be completely flexible for many
possible needs and Microsoft's AD, Apple's OpenDirectory, Fedora-DS (and
derivatives) all use a predetermined setup that constrains the usage of
LDAP rather than enhance it. Shared address books? Mail routing? Mail
aliases? DNS? 

Personally, I use Webmin's LDAP Users & Groups to manage LDAP users and
groups, which rather cleverly allows me to create all the custom
attributes and objectclasses that I routinely use with LDAP that I could
never get out of the other GUIs, giving me infinitely more flexibility
and power.

Craig

