OT: NIS to LDAP/AD advise
Jamie Bohr
jamiebohr at gmail.com
Fri Jun 25 22:21:52 UTC 2010
Hello All,
Sorry this is off-topic but I would like some advise from this list and
possibly get an understanding of what other large organizations are doing
for UNIX/Linux authentication management.
I am a Senior Administrator for 3000 UNIX/Linux based devices ranging from
HP-UX 10.20-11.31, Solaris 8-10 and RHEL 3-5 at 40 different sites. Most
are using NIS for authentication (separate NIS domains) and the AMD
(am-utils) automounter. I would like to move authentication to LDAP (AD
would be better) but before I invest a lot of time and effort I would like
advise from this list on what direction I should go.
Because some of the devices are NOT capable of using LDAP (or AD) for
authentication I will need to keep NIS around until they can be removed from
the environment. If I move to LDAP I would like as much put into LDAP as
possible including Netgroup, automounter maps and sudo permissions.
A few questions:
1. Do you manage a multi-site, multi-geography environment using LDAP?
1. If so, what LDAP version do you use?
2. Do you keep automounter maps in LDAP?
3. Do you keep netgroups in LDAP?
4. Do you have SUDO information in LDAP?
5. Do you support OSes other than Linux with LDAP?
1. If so, what OSes and version, i.e.: HP-UX 11.23, ...
2. Would Fedora Directory server, FreeIPA or something else be the way
to go?
3. Any advice on resolving over lapping UIDs/GIDs?
4. Have anyone used Likewise (or something like it) to authenticate of an
AD domain?
--
Jamie Bohr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20100625/67806a1d/attachment.html
More information about the users
mailing list