LDAP REcommendations? ( was RE: LDAP, DNS, DHCP etc "integration" )
Haarsma, Michael (SAPOL)
michael.haarsma at police.sa.gov.au
Thu Oct 5 00:29:25 CST 2006
Jon,

Yes eDirectory. http://www.novell.com/products/edirectory/ supported on
SLES, Red Hat. FDS/RDS has limited management tools and you can't
natively get Windows boxes to authenticate to it, you need to do GINA
hacks to make it work. With eDirectory, you just install the Novell
Client and Bob's your uncle. You can do the same on Linux (or
PAM/NSS_LDAP). There really is no comparison between the two.

eDirectory does full replication as you request, schema changes on one
will replicate out to all other servers, changes such as passwords, or
accounts etc will go to all servers as well (if they host the affected
partitions).

I.e. if you have a user at Coober Pedy, Mt Gambier doesn't need to know
that they have just changed their middle initial. Only the master
replica and sites that may potentially have that user interact with it
need to know. This reduces server load and replication traffic.

DHCP and DNS information is also kept within your eDirectory database,
if you want it to.

I suspect that your 3-4 people maintaining your 20 LDAP slaves could be
reduced to 1 or 2, and you could do far more funky things.

I have kinda repeated myself over two posts.... But not too much. But not
too much.

Michael Haarsma
> -----Original Message-----
> From: linuxsa-bounces at linuxsa.org.au
> [mailto:linuxsa-bounces at linuxsa.org.au] On Behalf Of Jon Soong
> Sent: Thursday, 5 October 2006 9:53 AM
> To: linuxsa; squindler
> Subject: LDAP REcommendations? ( was RE: LDAP, DNS, DHCP etc
> "integration" )
>
>
> >
> >Does anyone know of some "tool" to mix ldap, dns, dhcp etc together -
> >ie maintain a machine database in ldap from which DHCP and DNS config
> >files can be generated & easily deployed?
>
> Well dunno if they should logically be mixed? Maybe DNS and
> DHCP have some relationship (MAC addresses for IP allocation?)
>
> Otherwise I'd just use cvs/svn with some Make scripts. Works
> well for us with 3-4 different people sys-admining the system.
>
> BTW has anyone tried Fedora Directory (or whatever it's
> called)? Or has anyone got suggestions for an OpenLDAP
> replacement, the most important bit being that
> configs/schemas can be done on the Master and all Slaves will
> receive them?
>
> At the moment we run something like 20+ LDAP slaves which all
> must be manually updated if the schema gets edited.
>
> Cheers
>
> J
>
>
> >
> >Not that this is too difficult a task to do from scratch it'd be handy
> >to see how (if) others have done it and how successful their attempts
> >were ...
> >
> >Cheers,
> >Shane.
> >--
> >LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on
> >irc.freenode.net To unsubscribe or change your options:
> > http://www.netcraft.com.au/mailman/listinfo/linuxsa
>
>