Re: Password control with YP(NIS)

[Juan Carlos Gomez <gomez@cthulhu.engr.sgi.com>]

David J N Begley wrote:

> On Tue, 11 May 1999, Juan Carlos Gomez wrote:
>
> > Prasad HS wrote:
> > > How to synchronise NIS and Novel passwords with a single LDAP repository?
> >
> > I have just finished adding the schema that you need to store NIS
> > information (under ldap/schema/nis*) to our development version of
> > openldap, however, you need more than that...
>
> Is this using the RFC 2307 schema?
>

Yes, Dave  I used Luke's RFC for this.

> Our project is merging our NDS (Novell) accounts/passwords with our Unix
> (Solaris) accounts/passwords using LDAP.  The proof-of-concept was built using
> OpenLDAP (for the Solaris box using remote authentication/lookups) but the
> system will go live using Novell's NLDAP.NLM (NDSv8) on NetWare 5.



> In addition to putting objects into an LDAP directory (such as OpenLDAP), you
> need some way of authenticating against it (such as PAM libraries on Solaris
> or Linux) and also a lookup mechanism if you don't want to maintain all those
> users in /etc/passwd or /etc/shadow (such as NSS - again in Solaris and glibc
> on Linux).



> > basically if you want your clients to continue to use NIS you need a
> > gateway that will turn NIS queries into LDAP ones.
>

Correct he probably needs to get this piece.....

> Alternatively, if the "clients" are machines (as opposed to applications) then
> configure PAM/NSS on those machines to use LDAP directly instead of NIS.  :-)
>
> Cheers..
>
> dave