OT: NIS to LDAP/AD advise

bryan bryan at redfedora.co.uk
Sat Jun 26 09:11:52 UTC 2010 

On 25/06/2010 23:21, Jamie Bohr wrote:
> Hello All,
>
> Sorry this is off-topic but I would like some advise from this list 
> and possibly get an understanding of what other large organizations 
> are doing for UNIX/Linux authentication management.
>
> I am a Senior Administrator for 3000 UNIX/Linux based devices ranging 
> from HP-UX 10.20-11.31, Solaris 8-10 and RHEL 3-5 at 40 different 
> sites.  Most are using NIS for authentication (separate NIS domains) 
> and the AMD (am-utils) automounter.  I would like to move 
> authentication to LDAP (AD would be better) but before I invest a lot 
> of time and effort I would like advise from this list on what 
> direction I should go.
> Because some of the devices are NOT capable of using LDAP (or AD)  for 
> authentication I will need to keep NIS around until they can be 
> removed from the environment.  If I move to LDAP I would like as much 
> put into LDAP as possible including Netgroup, automounter maps and 
> sudo permissions.
>
> A few questions:
>
>    1. Do you manage a multi-site, multi-geography environment using LDAP?
>          1. If so, what LDAP version do you use?
>          2. Do you keep automounter maps in LDAP?
>          3. Do you keep netgroups in LDAP?
>          4. Do you have SUDO information in  LDAP?
>          5. Do you support OSes other than Linux with LDAP?
>                1. If so, what OSes and version, i.e.: HP-UX 11.23, ...
>    2. Would Fedora Directory server, FreeIPA or something else be the
>       way to go?
>    3. Any advice on resolving over lapping UIDs/GIDs?
>    4. Have anyone used Likewise (or something like it) to authenticate
>       of an AD domain?
>
> -- 
> Jamie Bohr
Hi

Might be worthwhile asking on http://directory.fedoraproject.org/ Rich 
Megginson has been doing ldap things since the year dot, so would 
probably be able to give you some pointers.

Bryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20100626/735b1fec/attachment.html

More information about the users mailing list