Discussion:
NIS -- LDAP which is the best?
senthil@jadooworks
2003-02-19 15:08:53 UTC
Hello All,

Thanks a lot for all the replies. :-) Now I am in a confusion to check out which is the best one to use for single point of authentication. Is LDAP better than NIS? Or is NIS?


regards


Senthil
Martin Marques
2003-02-19 15:27:16 UTC
Post by ***@jadooworks
Hello All,
Thanks a lot for all the replies. :-) Now I am in a confusion to check out
which is the best one to use for single point of authentication. Is LDAP
better than NIS? Or is NIS?
Big con for LDAP is the lack of administration tools. I still keep my NIS
servers.
--
Why use just any relational database,
if you can use PostgreSQL?
-----------------------------------------------------------------
Martín Marqués | ***@unl.edu.ar
Programmer, Administrator, DBA | Centro de Telematica
Universidad Nacional
del Litoral
-----------------------------------------------------------------
--
redhat-list mailing list
unsubscribe mailto:redhat-list-***@redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
Johnathan Bailes
2003-02-19 16:15:13 UTC
Post by Martin Marques
Post by ***@jadooworks
Hello All,
Thanks a lot for all the replies. :-) Now I am in a confusion to check out
which is the best one to use for single point of authentication. Is LDAP
better than NIS? Or is NIS?
Big con for LDAP is the lack of administration tools. I still keep my NIS
servers.
I thought webmin had a ldap module that was pretty good.
--
Johnathan Bailes <***@esi.baesystems.com>
sentinel
2003-02-19 15:56:17 UTC
While NIS/NIS+ is pretty decent for authentication, I've run into issues
from time to time which make me dread that solution. Another reason I've
been pursuing LDAP these last few weeks.

I've seen the NIS/NIS+ database become corrupted, which means you spend your
time repairing the damage. I've spoken with numerous people about "why" and
how to prevent another occurrence. The problem usually pops up, I've noticed,
when people change their passwords. And it's not entirely consistent either
(happens mainly with NIS, not usually with NIS+).

LDAP these last few weeks has been working pretty well. I've been using
Netscape's LDAP server, then decided to try openLDAP out. While Netscape's
server is really easy to set up and maintain, I don't really have a budget to
purchase it, thus openLDAP :-)

One more note. I've noticed a large number of people speaking of migrating
to LDAP through the many groups I participate in. This can't be
coincidence. LDAP also can be encrypted with SSL/TLS providing the security
that NIS+ did. Managing openLDAP with the right tools is a breeze. We're
looking at implementation in the next few weeks. So far I've had a very
positive experience with the product and recommend it.
nate
2003-02-19 16:20:31 UTC
Post by sentinel
While NIS/NIS+ is pretty decent for authentication, I've run into issues
from time to time which makes me dread that solution. Another reason I've
been pursuing LDAP these last few weeks.
mostly depends on your platforms.. if you're running fairly modern stuff
then LDAP is pretty easy to deploy.. but if you're using more obscure
platforms it can be more difficult(earlier versions of AIX, HPUX, IRIX
etc..). Even FreeBSD does not support NSS, so to use LDAP auth on freebsd
you need to have all the accounts created locally on the system(you can
use PAM to authenticate the password itself, but the rest of the info
must be stored locally). Not sure about Open or NetBSD. There is a commercial
NIS<->LDAP gateway which can make deployment easier though. Haven't tried
it myself.

if your network is entirely linux then I think LDAP is the no brainer
choice over NIS/NIS+. Same goes for recent versions of solaris(7-9).

I have quite a bit of info on deploying OpenLDAP for auth:
http://howto.aphroland.de/HOWTO/LDAP

One of the cool features is the host-based "acls", which are described
in detail on my site.

for my systems, the less RPC crap that is installed the better.

I've been running Openldap-based authentication for about a year now
without any issues.

nate
sentinel
2003-02-19 16:11:07 UTC
www.freshmeat.net and search for ldap.

I was overwhelmed by the number of administration tools available :D

Both web and non web enabled.

Regards



-----------------
Hello All,
Post by ***@jadooworks
Thanks a lot for all the replies. :-) Now I am in a confusion to check out
which is the best one to use for single point of authentication. Is LDAP
better than NIS? Or is NIS?
Big con for LDAP is the lack of administration tools. I still keep my NIS
servers.
Martin Marques
2003-02-20 13:33:13 UTC
Post by sentinel
www.freshmeat.net and search for ldap.
I was overwhelmed by the number of administration tools available :D
Both web and non web enabled.
Yes, but how about specific tools? I mean, how about if I have a MTA with
accounts on an LDAP server.

Last month's LJ has a great article about setting up a Postfix+LDAP+Courier,
and they also say that there is lack of a good administration tool.
Especially compared with NIS that has all the accounts as normal system
accounts on a server.

Regards... :-)
--
Why use just any relational database,
if you can use PostgreSQL?
-----------------------------------------------------------------
Martín Marqués | ***@unl.edu.ar
Programmer, Administrator, DBA | Centro de Telematica
Universidad Nacional
del Litoral
-----------------------------------------------------------------
nate
2003-02-20 17:22:19 UTC
Post by Martin Marques
Last month's LJ has a great article about setting up a
Postfix+LDAP+Courier, and they also say that there is lack of a good
administration tool. Especially compared with NIS that has all the
accounts as normal system accounts on a server.
curious what administration tool is good for NIS ? I've used solaris,
hpux, irix, aix, tru64, freebsd, openbsd, about a dozen flavors of
linux and have yet to see a "good" administration tool for NIS.

If you just mean a basic user management tool that's not what I
would be interested in. The last NIS server I ran was on solaris,
and I only exported the password/group information, the only
management tools I used was useradd, usermod, groupadd, groupmod,
passwd, and cd /var/yp ; make ...

my LDAP server stores email addresses, mail routing addresses, postal
addresses, names, phone numbers, host acl information(what hosts a user
is allowed to login to), descriptions(generic lines with generic
information), along with the rest of the data required for the
user account(uid/gid/password/etc). my LDAP server also stores mail
aliases, hosts a samba-tng backend, and more..

I suppose a management tool could be developed for such a thing
but I suspect by the end it would look much like a LDIF editor, which
is what I use now(ldapexplorer), perhaps with a bit more intelligence
to know what objectClasses are required for certain things, and what
pieces of data could be removed to make entries smaller.

just curious, I keep seeing people mention NIS management tools but
have yet to see anything good, though I admit I have only used the
tools provided by the operating system vendors. solaris is the
absolute worst in out-of-the-box management tools in my experience,
even their management console is a piece of shit :(

HPUX has the nicest one(sam), AIX's is really good too though not
as pretty(smit), I don't remember what tru64's was but I think I
had a good experience with it. IRIX seems to be pretty good too,
though it seems to be much more geared towards workstations/desktop
users. SuSE's YaST2 is extremely impressive, webmin is halfway
decent(I only use it for mysql stuff). Of course it's useful
when a management tool has a text-mode option as well as a
X option, at least sam(I think), and smit run fine in text mode
(good for serial consoles and stuff). YaST2 runs in text mode too
though with greatly reduced functionality(many modules are not
available).

looking for insight..

nate
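
The check nate describes wanting from a smarter editor (knowing which attributes an objectClass requires), combined with a host-based login decision, as an added example that is not code from the thread or from nate's HOWTO. It assumes the host ACL lives in the `host` attribute of the `account` objectClass, which the thread does not confirm; the LDIF and all names in it are constructed.

```python
# Constructed sample data (assumption: host ACL stored in the "host" attribute).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: Alice Example
uid: alice
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/alice
host: web01.example.com

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: Bob Example
uid: bob
uidNumber: 1002
host: web01.example.com
"""

# MUST attributes per RFC 2307 (posixAccount) and RFC 4524 (account).
REQUIRED = {
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "account": {"uid"},
}

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def missing_attributes(entry):
    """Return the MUST attributes the entry lacks for its objectClasses."""
    needed = set()
    for oc in entry.get("objectclass", []):
        needed |= REQUIRED.get(oc.lower(), set())
    return sorted(needed - set(entry))

def may_login(entry, hostname):
    """Fail closed: the entry must be complete and list the host."""
    hosts = {h.lower() for h in entry.get("host", [])}
    return not missing_attributes(entry) and hostname.lower() in hosts
```

An entry with no `host` values is denied everywhere, so an account created without an ACL does not silently gain access to every machine.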
Aly Dharshi
2003-02-20 17:50:59 UTC
Please don't mind if I decide to disagree with you :) :) I guess that we
in the CS Department (sigh) using Solaris 9 are moving from the NIS+
system to Iplanet Directory Server 5.0, there are management tools with
this software of course, but I think that there is a great tool, it's
called PERL and some ldap modules such as Mozilla::LDAP::* you can build
whatever you want instead of using the slow java interface yuck !

Cheers,

Aly.
Post by Martin Marques
Post by sentinel
www.freshmeat.net and search for ldap.
I was overwhelmed by the number of administration tools available :D
Both web and non web enabled.
Yes, but how about specific tools? I mean, how about if I have a MTA with
accounts on an LDAP server.
Last month's LJ has a great article about setting up a Postfix+LDAP+Courier,
and they also say that there is lack of a good administration tool.
Especially compared with NIS that has all the accounts as normal system
accounts on a server.
Regards... :-)
--
Aly S.P Dharshi
***@uleth.ca
Student System Administrator/Network Analyst LDAP Project
Department of Computer Science and Mathematics
University of Lethbridge

"A good speech is like a good dress
that's short enough to be interesting
and long enough to cover the subject"
Anthony E. Greene
2003-02-20 19:37:32 UTC
Post by Aly Dharshi
Please don't mind if I decide to disagree with you :) :) I guess that we
in the CS Department (sigh) using Solaris 9 are moving from the NIS+
system to Iplanet Directory Server 5.0, there are management tools with
this software of course, but I think that there is a great tool, it's
called PERL and some ldap modules such as Mozilla::LDAP::* you can build
whatever you want instead of using the slow java interface yuck !
The first time I had to manage an LDAP server, I built a rudimentary CGI
interface that basically displayed the entire record in a text box where I
would edit it and submit the changes. It required some knowledge of the
desired attribute values, but the mechanics of performing the updates was
made much easier.

These days I use GQ (a Gtk LDAP client <http://biot.com/gq/>), but I'm
thinking about building a Perl or shell CLI utility to semi-automate the
search/edit/submit process.

Tony
--
Anthony E. Greene <mailto:Anthony%20E.%20Greene%20%***@pobox.com%3E>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05 HomePage: <http://www.pobox.com/~agreene/>
Linux. The choice of a GNU generation. <http://www.linux.org/>
Aly Dharshi
2003-02-19 17:15:19 UTC
Hi Senthil,

You may want to invest in LDAP, that's the latest and flexible
technology, NIS/NIS+ isn't flexible.

Aly.
Post by ***@jadooworks
Hello All,
Thanks a lot for all the replies. :-) Now I am in a confusion to check out which is the best one to use for single point of authentication. Is LDAP better than NIS? Or is NIS?
regards
Senthil
--
Aly S.P Dharshi
***@uleth.ca
Student and System Administrator ORS Servers

"A good speech is like a good dress
that's short enough to be interesting
and long enough to cover the subject"
sentinel
2003-02-20 17:03:12 UTC
Well... I am still rather new to LDAP however a search of freshmeat.net
pulled this up. Perhaps this will help.



http://freshmeat.net/projects/qldapadmin/?topic_id=28%2C253%2C861 -
qmail/ldap admin tool.

http://freshmeat.net/projects/jamm/?topic_id=28 - here is one for postfix -
web based

http://freshmeat.net/projects/phpqladmin/?topic_id=28%2C253%2C68 - qmail/web
admin tool

http://freshmeat.net/projects/qmailadmin/?topic_id=28%2C243 - another qmail
admin tool

http://freshmeat.net/projects/webmin/?topic_id=253 - webmin ... Might have
something here that could help.




The tools are coming. Some look promising. Might not be perfect yet but
they are coming :D


---------
Yes, but how about specific tools? I mean, how about if I have a MTA with
accounts on an LDAP server.

Last month's LJ has a great article about setting up a Postfix+LDAP+Courier,
and they also say that there is lack of a good administration tool.
Especially compared with NIS that has all the accounts as normal system
accounts on a server.