On Linux one directory service is OpenLDAP.  There is also iPlanet
Directory Services and Novell supports eDirectory on Linux.

And yes LDAP is just the access protocol - not the actual directory. 
Usually the directory is stored in some type of database anyway.  Novell
use the flaim [spelling?] database.  Although this is all hidden from
both user and admin.

You can use LDAP to replace authentication schemes. 

And LDAP is not a fast database - it may seem like one, but it strictly
is just the method of accessing the 'fast database'

>>> [EMAIL PROTECTED] 03/20/03 11:20 AM >>>
On Thu, Mar 20, 2003 at 06:28:15AM +1200, Liane Williams wrote:
> Thanks for the background info - good to know.
> I guess standardisation and interoperability is another advantage of
> LDAP.
> But LDAP is just a directory access protocol isn't it?  What service
> offers the actual directory?  Is it part of the X500 compliant breed now
> on many platforms?

Yes, LDAP is just the directory service, you can't run an authentication
system to replace NIC with just LDAP ...

However, NIS is "just" a system to distribute configuration files over a
network, and besides the inevitable problems in doing that, there's the
basic question of having configuration _files_ for system and security
information available at all.

So, you replace the libraries that access files directly (or via NIS)
with libraries that call an authentication system, like PAM. Actually,
most libraries in a modern unix will have this option available. PAM
itself acts as your broker, and will itself use config files, or call a
directory for information. Another simplification - LDAP is "just" a
fast database, so your PAM could elect to use a SQL database instead.
Too many choices are not always a good thing ... :-)

> I guess my question is - what is the full Linux/Unix equivalent of
> Windows 2000 Active Directory and Domain structure, and Novell's NDS? 
> Is there a short answer?

Now that I'm not sure of, as I've not been convinced that rolling all
your data into one delivery service is a good thing. I've only worked at
scales where either directories were too much overhead (i.e. small
systems) or too limited (large systems). Actually, as with websites,
most of the time you don't need dynamism, but it can be handy.

Usually I've distributed fixed config files to machines, which means
that they can be "fixed" by admins who don't need to know how the
distribution method works, only that it exists. Obviously you need to
confirm the state of the target before overwriting things ... :-)

-jim


