Hi guys,
if I might add my view on this matter .. :]
I think the LDAP doesn't complicate things - on the contrary, it
simplifies them.
Ofc, the installation and configuration of 389 Directory server (if
speaking about RHEL and clones) is definitely much more demanding in
know-how compared to YP.
But speaking then about day-to-day work, and setting up other things
that need authentication, the LDAP is a blessing.
Half a year ago I helped to do a 'switch' to LDAP for a company (300
users) in mixed env of Windows workstations and servers, Linux
workstations and servers.
DC was 3.6 samba authenticating windows users and YP for unix/linux users.
Then other various systems needing authentication (printers, IM system,
zimbra, blackberry server ...) maintaining anything user-data related was
hell for the IT team.
I implemented 389DS as an authentication backend for Samba and SSSD.
And I pointed all other applications / devices that require
authentication to LDAP too (printers, openfire server, osticket system,
zimbra server etc etc).
With the help of smbldap-tools and written scripts I recrunched data,
changed needed rights, Samba RIDs and SIDs, Linux UIDs and migrated
everything.
Since then, no more user-data problems.
What I want to say is, YP server, thanks to its simplicity, still has
its uses in purely Unix/Linux secured LANs, but such an environment is
quite a rarity nowadays.
LDAP is the standard these days in both worlds - unix and windows alike.
No matter if speaking about windows AD with multimaster replication or
about IPA (again with multimaster repl) the backend storing user data
is still LDAP.
cheers,
--
*Karel Lang*
*Unix/Linux Administration*
+420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz