Hello Ashley,
I hope that you are well. Join the mailing list for Fedora Directory Server;
they are extremely helpful over there, and with RedHat engineers on the list you
can't go wrong. There is a GUI that should be able to make your life easier
(creating accounts and such) and this product is similar to Sun's DS, *but* not
exactly the same.
LDAP does look daunting at first, but it can do a wide variety of things that
you would find very tedious and painful in NIS/NIS+; Craig White has outlined
some of the most interesting issues. Unless I am wrong, you want a centralized
account management system; if so, LDAP will certainly help. Whatever you can
set up in NIS+ you can in LDAP: ethers, hosts, passwd, groups. Heck, with Sun OS
you can set up a NIS+ system that interacts with a backend LDAP server. You will
find that Sun is going to support NIS+ for people like my company for a little
while longer before we find that it's going to go away and a rush migration will
take place.
Also ask questions on the FDS mailing list; you will find that people are
willing to help newbies, and there are tons of Howtos on the wiki site.
OpenLDAP is good too, but I would side with FDS as it's bound to one day become
the default in Fedora over OpenLDAP (my opinion). So try it out on a test
server with a test client, make the system go, and see how you can tweak things
to suit your taste buds. This isn't going to be something that you will get perfect
overnight, but you sound dedicated so it won't take a long long time :) :).
Cheers,
Aly.
Ashley M. Kirchner wrote:
Aly Dharshi wrote:
Fedora Directory Server is a good free piece of software that will
play nicely on Fedora, Sun and any LDAP compliant system.
Just from reading the first few pages of the Documentation [at
http://directory.fedora.redhat.com/wiki/Documentation], I get the
overwhelming feeling this might be way overkill for what I want (not to
mention way over my head as well.) Then again, I have never done
anything with LDAP, I don't understand it, and don't really know what
its potential is. So perhaps I need to track back a bit here and ask
for some guidance. What IS LDAP and what can it do for me? Is that
really what I want to use considering what I want to accomplish
(hopefully this comes out and doesn't get mangled):
                        [ accounts server ]
                                 |
                                 |
     +---------------------------+-------------------------+
     |                           |                         |
     |                           |                         |
[ www server ] <- NFS -> [ shell server ] <- NFS -> [ mail spool ]
With the 'accounts server' being the one machine where user accounts
are managed. The www and mail servers just need to know the UID/GID (I
think) to function properly, like being able to save files with the
proper permissions. And the shell server is the one everyone uses to
log in on, keep their files and do whatever.
So, with my limited amount of understanding, I think what I need is
www and mail being able to replicate the users' permissions based on the
accounts server, and the shell server being able to authenticate against
the accounts server.
(I don't even know if I'm using the correct terms here, so if I'm
not, feel free to correct me.)
Tell me Fedora Directory Server isn't overkill, and I'll shut up and
continue reading. Tell me LDAP is really what I want to use here, and
I'll go spend the next several weeks trying to figure it out and learn
the whole thing - if that's even possible.
--
Aly S.P Dharshi
aly.dharshi@xxxxxxxxx
"A good speech is like a good dress
that's short enough to be interesting
and long enough to cover the subject"