Re: [ldap] NIS, DCE and /etc/passwd replacement



Hi Gerard,

The documentation for the SGI LDAP support is not the greatest. They have been
patching the nsd support since IRIX 6.5.1, and only seem to have reached something
reasonably stable in 6.5.7!

Just for the record,

We are using an OpenLDAP server which provides the network information directly to
a few SGIs. All of the other machines are still fed using NIS, which in turn gets
its information from files generated using Perl scripts which use ldapsearch to
look up the Directory (cron jobs every half hour). Not very elegant, but it works and
was the easiest solution when I started. We use the same method for generating the
DNS entries, mail aliases and our proxy access lists. I have a second LDAP server
which is replicated and (touch wood) so far (5 months) has not gone out of sync.
The whole thing is more an experiment than a production environment!

These days I use the Net::LDAP Perl library for new scripts. Appears to be just as
fast as using ldapsearch for returning <1000 entries and I don't have to compile
anything on the target machines.

Simon.

Gerard Ranke wrote:

> On May 26,  6:24pm, Simon Woods wrote:
> > Subject: Re: [ldap] NIS, DCE and /etc/passwd replacement
> > Gerard Ranke wrote:
> >
> >
> > I don't understand..
> >
> > How come only the shadow passwords get read using v3 LDAP? Did you set up
> > your nsd server to use v2 LDAP?
> >
> > in /var/ns/ldap.conf in the server configuration:
> >
> > server  133.22.27.37:30002
> > version 2
> > base    "o=nis, c=DE"
> > scope   subtree         ; subtree, onelevel, sbase
> >
> > I don't use shadow passwords, but everything else works (at least most of the
> > time!)
> >
> > Simon.
> >
> >-- End of excerpt from Simon Woods
>
> Well, actually, all the reading was done v3. And the bind always failed, as far
> as I can tell. But I had the password attributes configured world-readable, so
> that didn't make any difference.
>
> I must admit, I completely overlooked the 'version' keyword in the conf file
> and all the man pages... I feel very stupid right now, but thanks a lot for
> pointing this out to me! I'll try again on Monday.
>
> Gerard
>
> --
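
The half-hourly job described in this message turns ldapsearch output into NIS source files. The following is an added sketch of that conversion step for the passwd map, not the Perl scripts from the thread (Python is used so it runs stand-alone). It validates every directory value before it reaches the file and writes `*` in place of the hash; the sample LDIF, the `min_uid` policy and the function names are assumptions.

```python
import base64
import re

# Constructed sample of ldapsearch output (LDIF); not data from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,o=nis,c=DE
uid: alice
userPassword: {crypt}CONSTRUCTED-HASH
uidNumber: 1001
gidNumber: 100
gecos: Alice Example
homeDirectory: /home/alice
loginShell: /bin/sh

dn: uid=bob,ou=People,o=nis,c=DE
uid: bob
uidNumber: 1002
gidNumber: 100
gecos:: Qm9iOiBPcHM=
homeDirectory: /home/bob
loginShell: /bin/sh
"""

FIELDS = ("uidNumber", "gidNumber", "gecos", "homeDirectory", "loginShell")
SAFE = re.compile(r"[^:\x00-\x1f\x7f]*")  # no field separator, no control characters

def parse_ldif(text):  # yields one {attribute: first value} dict per LDIF entry
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):  # unfold, split
        entry = {}
        for name, value in (ln.split(":", 1) for ln in block.splitlines() if ":" in ln):
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name, value.strip())
        yield entry

def passwd_map(text, min_uid=100):  # min_uid is an assumed local policy
    """Return (passwd lines, rejected uids); '*' replaces userPassword in the map."""
    lines, rejected, seen = [], [], set()
    for e in parse_ldif(text):
        uid, num, gid = e.get("uid", ""), e.get("uidNumber", ""), e.get("gidNumber", "")
        ok = (re.fullmatch(r"[a-z_][a-z0-9_-]{0,31}", uid) and num not in seen
              and re.fullmatch(r"[0-9]{1,9}", num) and re.fullmatch(r"[0-9]{1,9}", gid)
              and int(num) >= min_uid and all(SAFE.fullmatch(e.get(f, "")) for f in FIELDS))
        if ok:
            seen.add(num)
            lines.append(":".join([uid, "*"] + [e.get(f, "") for f in FIELDS]))
        else:
            rejected.append(uid)
    return lines, rejected
```

In the sample, bob is rejected because his base64-encoded gecos decodes to a value containing `:`, which would shift every later field of the generated line.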