Quoting Alan W. Rateliff, II ([EMAIL PROTECTED]):
> ----- Original Message ----- 
> From: "Chuck Yerkes" <[EMAIL PROTECTED]>
> > That said, LDAP is here and solid and very valuable for keeping
> > maps in.  I make a change in LDAP, and 3 MTAs see it right away
> > (same as with Hesiod when I used that in the early-mid 90s).
...
> I'm working in at least three environments that will NEVER be updated to
> NIS+ or LDAP.  I cannot convince the owners that the time necessary to
> centralize the user store is worth the billing, and I'm not apt to do it for
> free.  Ergo, these environments will remain flat-file with a half-assed
> implementation of cron-based replication.
> 
> As for my own, I intend to use NIS+.  Anything that uses PAM will be able to
> use the NIS+ user store.  (I'm working in Solaris 8, BTW.)  I considered
> LDAP, but I've had a complete dog of a time getting LDAP to work properly
> (OpenLDAP won't compile, and nothing wants to recognize LDAP libraries that
> are supposedly installed already.)  I understand Solaris 9 has LDAP
> natively, but I'm just building up flight hours for 9, and not in any
> production environment.
> 
> So in the long run, a central user-store approach is where I will go,
> working under PAM so I can utilize NIS+, LDAP, Active Directory, or
> whatever.  But I need to start somewhere.

Um, NIS+ is a dog.  Sun folks run from NIS+.
SUN is moving to LDAP.  The ORA LDAP book looked
pretty good for starting with OpenLDAP (getting
the server up is one challenge, doing data well
is another (easier IMHO) one).

It's tough to wrap your brain around.  Just like with
DNS many years ago, I had the big "aha" moment with
LDAP when I understood it.

OpenLDAP will work best with db4.1.x (whatever's
current - a lot of perf things have gone into DB4
because of OpenLDAP work).

I'm starting to get it in at a new client.  All data will
be in LDAP (incl phone numbers, office info, etc for people
and another OU for machines (serial numbers, processor/OS
info, location, console server info, etc)).  I'm appalled
at sheets of paper that have info about, say, console servers
and you use that to find the right port, but use another paper
for host info, etc.

For NIS only machines (old Solaris 2.6 boxes and some AIX
machines), we can extract from LDAP into NIS maps.  There
are NIS servers from PADL that serve NIS info but use LDAP
as their back end.

We've needed a good directory for 10 or more years.

It replaces a billion files for one point of access and management
- from NIS to all sendmail maps to "people use" things like phone
books (Macs will speak LDAP for addressbook and for name servers,
Mozilla will use it for preferences and book marks - you don't care
what machine you're on, you have the info via the network).

Now, if qpopper could do native auth against LDAP for the
non-PAM platforms ...

