[lug] Re: NFS and LDAP

Hugh Brown hugh at vecna.com
Fri Jan 11 10:14:03 MST 2002


By NFS and LDAP I mean that NFS is what we use to share files around the
network.  Each file is owned by a user and can only be accessed by a
user having the correct uid.  NIS takes care of the uid on the network
even though there is no local account with a particular uid.  I'm
assuming that LDAP takes care of login requests for which there is no
local account.  How then do I access files that are NFS mounted?

I'm completely ignorant of how LDAP works.  I do know that we use NIS
and NFS here and that NIS is insecure.  So can I replace NIS with LDAP
and have everything still work the same from a user's perspective?

Hugh


On Fri, 2002-01-11 at 06:53, Eric Kilfoil wrote:
> 
> What do you mean NFS and LDAP?  You mean for NIS netgroups?  I haven't
> tried to set up netgroups with the latest version of OpenLDAP, but as of
> 2.0.8, I can tell you that Solaris doesn't get along with OpenLDAP.
> Solaris sends an odd query for the NisNetGroupTriple, and OpenLDAP sees
> that as a malformed query.  So I gave up on that.  Solaris8 comes with a
> 100,000 user license of the iPlanet LDAP server.  iPlanet performs much
> much better than OpenLDAP, so if you have a choice, you probably want
> iPlanet.
> 
> If you do stick with OpenLDAP, I know that the PADL nss_ldap module does
> have a working nisnetgroup module, so that should work fine for Linux.
> You can also use the PADL nss_ldap module (www.padl.com) on Solaris
> instead of the default nss_ldap module that's distributed with it.  Then
> your name service config will be consistent across both platforms.
> 
> eric
> 
> On 4 Jan 2002, Hugh Brown wrote:
> 
> > How well do NFS and LDAP (particularly openldap) get along?
> >
> > Hugh
> >
> >
> > On Fri, 2002-01-04 at 05:55, Eric Kilfoil wrote:
> > >
> > > Beware the beast that is NIS.  That's a long tough and rocky road to
> > > travel.  I'd recommend staying away from it.  Just about everyone is
> > > moving to using LDAP as a name service.  NIS (and NIS+) are both going the
> > > way of the dodo.  LDAP is much more powerful and doesn't contain a lot of
> > > the limitations and security concerns brought about by using NIS or NIS+.
> > > On Linux, you can use the PADL nss_ldap module (probably comes standard
> > > with Linux now), and Solaris is distributed with nss_ldap as well.
> > > There are some catches to using OpenLDAP as an LDAP name service for Solaris.
> > > I have a page devoted to that at http://www.ypass.net/solaris8/openldap
> > >
> > > NIS is evil
> > >
> > > eric
> > >
> > > On Wed, 2 Jan 2002, Chittaranjan Mandal wrote:
> > >
> > > > Hi!
> > > >
> > > > It looks like you had some success with running NIS clients on Solaris to
> > > > a NIS server on Linux.
> > > > I need to do the same.
> > > > But, the first question that I have is: where do I get the NIS client
> > > > software for Solaris, they all run NIS+ by default now.
> > > >
> > > > Regards,
> > > > Chitta
> > > >
> > > > _______________________________________________
> > > > Web Page:  http://lug.boulder.co.us
> > > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > > >
> > >
> > --
> > ------------------------------------
> > System Administrator/Unix Consultant
> > hugh at vecna.com
> > Vecna Technologies, Inc
> > 6525 Belcrest Rd, Suite 612
> > Hyattsville MD, 20782
> > 301.864.7253
> > http://www.vecna.com
> >
> >
> >
> 
-- 
------------------------------------
System Administrator/Unix Consultant
hugh at vecna.com
Vecna Technologies, Inc
6525 Belcrest Rd, Suite 612
Hyattsville MD, 20782
301.864.7253
http://www.vecna.com




