[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldap] NIS, DCE and /etc/passwd replacement



Hello Simon,


On May 28,  4:11pm, Simon Woods wrote:
> Subject: Re: [ldap] NIS, DCE and /etc/passwd replacement
> Hi Gerard,
>
> The documentation to the sgi ldap support is not the greatest. They have been
> patching the nsd support since IRIX 6.5.1, and only seem to have reached
something
> reasonably stable in 6.5.7!
>

I guess you're right, but it was enough to get going. The line with the version
keyword was missing in my config file, but still present in the original sgi
version, so I must have accidentally deleted it. It works just fine now. But I
did see complaints about nsd on usenet, especially from NIS users. We don't use
NIS, and luckily we don't have problems with nsd.

> Just for the record,
>
> We are using an OpenLDAP server which provides the network information
directly to
> a few SGI's. All of the other machines are still fed using NIS which in turn
gets
> its information from files generated using perl scripts which use ldapsearch
to
> lookup the Directory (cron jobs every half hour). Not very elegant but it
works and
> was the easiest solution when I started. We use the same method for
generating the
> DNS entries, mail aliases and our proxy access lists. I have a second ldap
server
> which is replicated and (touch wood) so far (5 Months) has not gone out of
sync.
> The whole thing is more an experiment than a production environment!
>
> These days I use the Net::LDAP perl library for new scripts. Appears to be
just as
> fast as using ldapsearch for returning <1000 entries and I don't have to
compile
> anything on the target machines.
>
> Simon.
>
>-- End of excerpt from Simon Woods

I have just decided to go the java way myself. It will be interesting to see
how it performs. I'm still only working in a test environment, but we plan to
gradually introduce it in the next few months. Sgi's nsd setup makes this quite
easy, so I'm rather pleased with it. First thing we want to do apart from unix
authentication is to have our radius server authenticate from ldap. Sgi
promised to support {crypt} passwords for 6.5.8, so that should be do-able...
Thanks again for the tip!

Gerard


--