SCIENTIFIC-LINUX-USERS Archives

January 2015

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Karel Lang AFD <[log in to unmask]>
Reply To: Karel Lang AFD <[log in to unmask]>
Date: Thu, 8 Jan 2015 10:34:57 +0100

Hi guys,
if I might add my view on this matter .. :]

I think the LDAP doesn't complicate things - on the contrary, it
simplifies them.
Ofc, the installation and configuration of 389 Directory server (if 
speaking about RHEL and clones) is definitely much more demanding in 
know-how compared to YP.

But speaking then about day-to-day work, and setting up other things
that need authentication, the LDAP is a blessing.

Half a year ago I helped to do a 'switch' to LDAP for a company (300
users) in a mixed env of Windows workstations and servers, Linux
workstations and servers.

DC was 3.6 samba authenticating windows users and YP for unix/linux users.

Then other various systems needing authentication (printers, IM system,
zimbra, blackberry server ...) maintaining anything user-data related was
hell for the IT team.

I implemented 389DS as an authentication backend for Samba and SSSD.
And I pointed all other applications / devices that require
authentication to LDAP too (printers, openfire server, osticket system, 
zimbra server etc etc).

With the help of smbldap-tools and written scripts I recrunched data,
changed needed rights, Samba RIDs and SIDs, Linux UIDs and migrated 
everything.

Since then, no more user-data problems.

What I want to say is, YP server, thanks to its simplicity, still has
its uses in purely Unix/Linux secured LANs, but such an environment is 
quite a rarity nowadays.

LDAP is the standard these days in both worlds - unix and windows alike. 
No matter if speaking about windows AD with multimaster replication or 
about IPA (again with multimaster repl) the backend storing user data
is still LDAP.

cheers,

-- 
*Karel Lang*
*Unix/Linux Administration*
[log in to unmask] | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz
