Author |
Message |
Nitro Bodhisattva
Joined: 08 Apr 2002 Posts: 661 Location: San Francisco
|
Posted: Tue Apr 30, 2002 12:12 am Post subject: LDAP vs NIS? |
|
|
Has anyone set up either LDAP or NIS successfully? I just want something that will keep all my UIDs, GIDs, and passwords the same across several Linux boxes. I want it to work securely, cleanly and transparently.
I tried reading up on them and as I understand it NIS was developed by Sun and ported to Linux, and is still in part closed source. LDAP on the other hand is completely open source and capable of handling more than just user authentication?
Am I correct or am I missing something? I can't seem to get LDAP working; from what I've read LDAP is a better solution, yes? _________________ - Kyle Manna
Please, please SEARCH before posting.
There are three kinds of people in the world: those who can count, and those who can't. |
|
|
|
ves n00b
Joined: 17 Apr 2002 Posts: 30
|
Posted: Tue Apr 30, 2002 12:48 am Post subject: |
|
|
I've never played with NIS, but LDAP is pretty cool. I've used it before to set up a qmail/ldap pop toaster. |
|
|
|
Target Apprentice
Joined: 25 Apr 2002 Posts: 200
|
Posted: Tue Apr 30, 2002 12:50 am Post subject: |
|
|
I haven't set up LDAP since my network is small and I never add new users. I just copied passwd/shadow/group around. :p
I have heard that it can be used to store things like certificates, so you could use PKI to authenticate users instead of passwords if you wanted to. |
|
|
|
ozric100 Tux's lil' helper
Joined: 23 Apr 2002 Posts: 136
|
|
|
|
bart n00b
Joined: 13 Apr 2002 Posts: 60
|
Posted: Tue May 21, 2002 9:48 pm Post subject: |
|
|
Nitro, you told me you got LDAP up and running. I don't understand it completely. What am I doing wrong?
I installed 'openldap' and 'pam_ldap' on both the server and the client. I replaced the original 'pam.d' directory from '/etc' with the 'pam.d' directory in '/usr/doc/pam_ldap-134-r1' and unzipped all the files.
Then I edited some config files:
/etc/ldap.conf on server:
Code: | host 127.0.0.1 # localhost
base dc=localdomain # networkname |
/etc/ldap.conf on client:
Code: | host 192.168.1.4 # IP for server
base dc=localdomain # networkname |
/etc/openldap/ldap.conf on server:
Code: | BASE dc=localdomain |
/etc/openldap/ldap.conf on client:
Code: | BASE dc=localdomain |
Isn't it confusing to have both '/etc/ldap.conf' and '/etc/openldap.conf'? Or am I doing something wrong?
/etc/openldap/slapd.conf on server:
Code: | include /etc/openldap/schema/core.schema
pidfile /var/state/slapd.pid
argsfile /var/state/slapd.args
database ldbm
suffix "dc=localdomain"
rootdn "cn=Manager,dc=localdomain"
rootpw secret
directory /var/state/openldap-ldbm
index objectClass eq |
That should be okay for now, isn't it?
So, I started slapd on the server:
Code: | /etc/init.d/slapd start |
To see if it is running:
Code: | nmap 192.168.1.4
...
389/tcp open ldap
... |
That looks okay.
What to do now? I don't need the 'slurpd' daemon. True?
ldapsearch on the server works fine:
Code: | ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts |
tells me:
Code: | version: 2
dn:
namingContexts: dc=localdomain
search: 2
result: 0 Success |
But on the client it fails:
Code: | ldap_bind: Can't contact LDAP server |
I don't know what to do now.
I think I have to start some kind of daemon on the clients too, but which? |
|
|
|
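An added example, not part of bart's post and not OpenLDAP code: a small Python audit of the slapd.conf quoted above that flags a cleartext rootpw, missing TLS certificate directives, and the absence of any access rule. The function names and finding codes are made up for this illustration, and the file is checked as a whole rather than per database section.

```python
import re

# The slapd.conf quoted in the post above, embedded as sample input.
POSTED_CONF = '''include /etc/openldap/schema/core.schema
pidfile /var/state/slapd.pid
argsfile /var/state/slapd.args
database ldbm
suffix "dc=localdomain"
rootdn "cn=Manager,dc=localdomain"
rootpw secret
directory /var/state/openldap-ldbm
index objectClass eq
'''

# Hash-scheme prefixes slapd accepts for rootpw (slappasswd emits {SSHA}).
HASHED = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", re.IGNORECASE)
TLS_KEYS = {"tlscertificatefile", "tlscertificatekeyfile"}


def parse_directives(text):
    """Return (keyword, argument) pairs, joining whitespace-led continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue                              # blank line or comment
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()      # continuation of previous directive
        else:
            logical.append(raw.strip())
    pairs = []
    for line in logical:
        parts = line.split(None, 1)
        arg = parts[1].strip('"') if len(parts) > 1 else ""
        pairs.append((parts[0].lower(), arg))     # keywords are case-insensitive
    return pairs


def audit(text):
    """Return hypothetical finding codes for the three weaknesses checked here."""
    directives = parse_directives(text)
    keywords = {k for k, _ in directives}
    findings = []
    if any(k == "rootpw" and not HASHED.match(v) for k, v in directives):
        findings.append("rootpw-cleartext")  # readable file = directory admin password
    if not TLS_KEYS <= keywords:
        findings.append("no-tls")            # simple binds cross port 389 unencrypted
    if "access" not in keywords:
        findings.append("no-acl")            # slapd default lets everyone read everything
    return findings


if __name__ == "__main__":
    print(audit(POSTED_CONF))
```

A hashed value for rootpw can be generated with slappasswd.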
tebers Tux's lil' helper
Joined: 24 Apr 2002 Posts: 115 Location: Germany, Kirchheim near Munich
|
Posted: Tue May 21, 2002 10:27 pm Post subject: |
|
|
Well, if you want to read good material about LDAP I can recommend an IBM Redbook
link
or
link
or just go to www.redbooks.ibm.com and search for LDAP
They have really tons of good documentation there.
As I remember, IBM and Lotus have been really heavily involved with creating LDAP
thorsten |
|
|
|
Guest
|
Posted: Wed May 22, 2002 12:27 pm Post subject: |
|
|
I've tried LDAP and NIS
I chose LDAP because it was much simpler to integrate with Samba
with NIS, it was a pain to synchronise passwords between Samba and Unix
if you are looking to go with a pure Unix solution then
LDAP for keeping UIDs and GIDs the same
and Kerberos for authentication
and try and find as many kerberized services as you can
this way, you log in once, and you don't have to keep on re-authenticating |
|
|
|
ramirezevanswa n00b
Joined: 16 Jun 2010 Posts: 3
|
Posted: Wed Jun 16, 2010 6:28 am Post subject: |
|
|
NIS is dying out everywhere. But LDAP may be overkill for a small home LAN. LDAP is very conciliatory but very complicated as well. Where I work we use it for authentication to our web site but the other systems are a mix of NIS and mostly NIS+. I can set up a NIS domain for 50000 users in under 30 minutes for a global organization including old hardware. Windows can work nicely with LDAP _________________ Mistakes are the portals of discovery. |
|
|
|
Nitro Bodhisattva
Joined: 08 Apr 2002 Posts: 661 Location: San Francisco
|
Posted: Wed Jun 16, 2010 8:34 am Post subject: |
|
|
Holy thread resurrection, batman!
This thread is over 8 years old. _________________ - Kyle Manna
Please, please SEARCH before posting.
There are three kinds of people in the world: those who can count, and those who can't. |
|
|
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Wed Jun 16, 2010 10:16 pm Post subject: |
|
|
thread 1334
we're up to ~850,000 now.
I don't think I could find a thread this old if I'd actively sought it out. _________________ Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash |
|
|
|
|