Hello All,
Sorry this is off-topic, but I would like some advice from this list and possibly get an understanding of what other large organizations are doing for UNIX/Linux authentication management.
I am a Senior Administrator for 3000 UNIX/Linux-based devices ranging from HP-UX 10.20-11.31, Solaris 8-10 and RHEL 3-5 at 40 different sites. Most are using NIS for authentication (separate NIS domains) and the AMD (am-utils) automounter. I would like to move authentication to LDAP (AD would be better), but before I invest a lot of time and effort I would like advice from this list on what direction I should go.
Because some of the devices are NOT capable of using LDAP (or AD) for authentication I will need to keep NIS around until they can be removed from the environment. If I move to LDAP I would like as much put into LDAP as possible including Netgroup, automounter maps and sudo permissions.
A few questions:
- Do you manage a multi-site, multi-geography environment using LDAP?
- If so, what LDAP version do you use?
- Do you keep automounter maps in LDAP?
- Do you keep netgroups in LDAP?
- Do you have SUDO information in LDAP?
- Do you support OSes other than Linux with LDAP?
- If so, what OSes and version, i.e.: HP-UX 11.23, ...
- Would Fedora Directory server, FreeIPA or something else be the way to go?
- Any advice on resolving overlapping UIDs/GIDs?
- Has anyone used Likewise (or something like it) to authenticate off an AD domain?
Jamie Bohr