[CentOS] NIS or not?

Tue Jan 28 11:23:39 UTC 2014
anax <anax at ayni.com>

Hi Sorin
we use here LDAP  authentication and mail-control since more than 10 years.
At that time, we did the conversion from passwd/shadow to LDAP using the 
tools on
http://www.padl.com/download/
which are still available, probably in a newer version...

To represent a person or a service in LDAP we use the objectclasses:
  objectClass: account
  objectClass: posixAccount
  objectClass: top
  objectClass: shadowAccount
  objectClass: mailRecipient

To represent a mail user for postfix we use the objectlcasses:

  objectClass: top
  objectClass: person
  objectClass: organizationalPerson
  objectClass: inetOrgPerson
  objectClass: qmailUser

To represent a Domain which we serve mail-wise we use the objectclasses:
objectClass: qmailControl
objectClass: top


We also have developed an LDAP via Web Interface, which we use 
exclusively for LDAP administration.

We have two LDAP servers, syncronized via syncrepl.

suomi



On 2014-01-28 10:02, Sorin Srbu wrote:
> Hi all,
>
> We're getting to a point in our linux environment where it's starting to be
> cumbersome to keep shadow and passwd-files up-to-date for the users to login
> on each computer. Scripts can only get us so far. 8-/
>
> I've looked a bit into central login systems for linux, and NIS and LDAP seem
> to be prevalent. NIS being the simpler-to-setup solution for small to medium
> networks as I understand it, while LDAP is the more modern and scalable
> solution.
> See eg http://www.yolinux.com/TUTORIALS/NIS.html or
> http://sysadmin-notepad.blogspot.se/2013/06/nis-server-setup-on-rhelcentos.html.
>
> NIS-wise, what is a "small to medium network"?
> We have currently about 20-30'ish linux clients and servers, and the
> environment is not likely to increase much beyond this point.
> Is a 30ish-computer setup, a small network?
>
> The only thing I'm trying to accomplish is a system which will allow me to
> keep user accounts and passwords in one place, with one place only to
> administrate. NIS seems to be able to do that.
>
> Comments and insights are much appreciated!
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>