On Tue, Nov 17, 2009 at 1:59 PM, Peter Tribble <peter.trib...@gmail.com> wrote:
> I found Ben's poll interesting:
>
> http://www.cuddletech.com/blog/pivot/entry.php?id=1094
>
> although I would have to step back a pace and ask - "What
> Naming Service"? Because it's not entirely obvious to me
> that a directory server is an optimal answer (it may be the
> best, but I don't find it optimal).
>
> Now I've used standard Name Services - NIS and NIS+ -
> extensively, and have done a lot of work on LDAP.
>
> NIS:
>
> Pretty easy to set up, limited functionality beyond the basic,
> data management facilities are crude, scales poorly.
>
> NIS+:
>
> A reputation for difficulty, although that's not really true (although
> it once was); easy to set up and manage once you know what
> you're doing. Decent functionality, scales well, data management
> facilities are excellent, limited interoperability, no future.
>
> LDAP:
>
> More demanding of resources. While LDAP itself is easy to set
> up, actually configuring it to work correctly is a bear. Scales
> well, excellent interoperability, but data management facilities
> are primitive to non-existent.
>
> In the past I've loved NIS+ due to its excellent data management
> facilities (basically, you can query/modify any field with complete
> API and CLI control).
>
> So I'm spending more time with LDAP, and I'm hating it. Sure, I
> can generate LDIF and feed it in, but it seems such a kludge,
> and correct configuration seems far too difficult.
>
> For starters, is there a complete and accurate guide to setting up
> (say) OpenDS and configuring it as a Solaris nameservice (because
> I haven't found anything even remotely helpful or accurate).
>
> And then, how do people manage data inside LDAP? Is writing your
> own LDIF really the answer?

There are a few (slightly outdated) articles, I've actually contributed some crude scripts to help with the setup of OpenDS w/ *solaris (creating the needed indexes + a few ACIs, though I believe that the ACIs might need some tweaking). And yes, configuration is about as joyful as a root canal. Debugging problems even more so (what's available is rather inadequate).

As for managing data, usually one just gets some LDAP tool (I've been using JXplorer, but I believe Apache's directory server comes with a generic LDAP tool that others have praised).

I think there are other problems as well that aren't specific to a particular directory server or the Solaris client (best summed up as trying to force fit NIS into LDAP, unscalable + hackish host access control mechanisms, and a few others). I have ideas for addressing most of these (some a bit more radical than others), but the whole day job keeps me from doing anything about them for now... if others are interested, I'm happy to share them.

_______________________________________________
sysadmin-discuss mailing list
sysadmin-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss