
BLU Discuss list archive



[Discuss] Moving servers from NIS to LDAP



On 07/11/2012 04:53 PM, Derek Martin wrote:
> On Tue, Jul 10, 2012 at 02:53:11PM -0400, Jerry Feldman wrote:
>> Our company's servers are moving from the Boston facility to IBM's
>> facilities, and we will have to replace NIS with LDAP. We don't get to
>> vote, NIS will be replaced.
> You sound sad about this.  You probably shouldn't.  NIS is dead; it's
> hard to secure, and easy to spoof.  It's been a dying (dead?)
> technology for years, and LDAP (or AD, which is essentially LDAP) has
> been the standard replacement for it since maybe about 1999 (there are
> others, naturally).  It might be a pain to deal with the migration,
> but it's really a small pain (as migrations go), and your environment
> will likely be much more secure for it.  This is not news to you;
> people on this list have been telling you to use LDAP instead of NIS
> for years.  :)
>
> Of course, if loss of control over the environment is what you're
> lamenting, it was bound to happen...  Resistance is futile. =8^)
> The good news is, it's probably one less thing you'll need to pay
> attention to, at least for the most part.
>
>
I'm not sad. When I set up the Boston servers, the only reason I chose
NIS over LDAP is that our company already used NIS on all their
Linux/Unix systems.
The main issues for me are:
Will I have to change uids and gids? This is an issue for our IT people.
If they will create a separate OU or LDAP group for us, great. If they
want to merge us in, that creates a few more issues.
If we get merged in, then I will also have to set up a way to restrict
access to our servers either by using LDAP or a few other tools that I
previously mentioned. In most cases, I can do it once and push it to all
the other servers like I do with automount.

The only issue is that our LDAP servers will be in Toronto and Ottawa,
but we can cache and slave here.



-- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90 
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
