[Fedora] Re: LDAP vs. NIS+

Craig White craigwhite at azapple.com
Tue Nov 15 04:29:26 UTC 2005


On Mon, 2005-11-14 at 21:19 -0700, Ashley M. Kirchner wrote:
> Aly Dharshi wrote:
> 
> > Fedora Directory Server is a good free piece of software that will 
> > play nicely on Fedora, Sun and any LDAP compliant system.
> 
>     Just from reading the first few pages of the Documentation [at 
> http://directory.fedora.redhat.com/wiki/Documentation], I get the 
> overwhelming feeling this might be way overkill for what I want (not to 
> mention way over my head as well.)  Then again, I have never done 
> anything with LDAP, I don't understand it, and don't really know what 
> its potential is.  So perhaps I need to track back a bit here and ask 
> for some guidance.  What IS LDAP and what can it do for me?  Is that 
> really what I want to use considering what I want to accomplish 
> (hopefully this comes out and doesn't get mangled):
> 
>                            [ accounts server ]
>                                     |
>                                     |
>         +---------------------------+-------------------------+
>         |                           |                         |
>         |                           |                         |
>  [ www server ]  <- NFS ->  [ shell server ]  <- NFS ->  [ mail spool ]
> 
> 
>     With the 'accounts server' being the one machine where user accounts 
> are managed.  The www and mail servers just need to know the UID/GID (I 
> think) to function properly, like being able to save files with the 
> proper permissions.  And the shell server is the one everyone uses to 
> log in on, keep their files and do whatever.
> 
>     So, with my limited amount of understanding, I think what I need is 
> www and mail being able to replicate the users' permissions based on the 
> accounts server, and the shell server being able to authenticate against 
> the accounts server.
> 
>     (I don't even know if I'm using the correct terms here, so if I'm 
> not, feel free to correct me.)
> 
>     Tell me Fedora Directory Server isn't overkill, and I'll shut up and 
> continue reading.  Tell me LDAP is really what I want to use here, and 
> I'll go spend the next several weeks trying to figure it out and learn 
> the whole thing - if that's even possible.
----
LDAP is infinitely scalable and replication is common (more than one
LDAP server). You could have just one server or many servers to parcel
out the load. 

LDAP is very obtuse at first. Set it up on a little-used or new computer
and play around with it, learn how to set up the basics and use the
shell tools - GUI comes later.

Be prepared to spend a bunch of time learning it.

Most people are familiar with OpenLDAP on these lists.

Craig

