From owner-freebsd-questions@FreeBSD.ORG Thu Jan 27 21:01:58 2005
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EBC9716A4CE
	for ; Thu, 27 Jan 2005 21:01:58 +0000 (GMT)
Received: from 9.hellooperator.net (cpc3-cdif2-3-0-cust202.cdif.cable.ntl.com [81.103.32.202])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7F58043D2D
	for ; Thu, 27 Jan 2005 21:01:58 +0000 (GMT)
	(envelope-from rasputnik@hellooperator.net)
Received: from [10.4.0.5] (helo=eris.tenfour)
	by 9.hellooperator.net with esmtp (Exim 4.43) id 1CuGm3-0007hT-LO
	for freebsd-questions@freebsd.org; Thu, 27 Jan 2005 21:01:57 +0000
Received: from rasputnik by eris.tenfour with local (Exim 4.43 (FreeBSD))
	id 1CuGm3-000It2-H9
	for freebsd-questions@freebsd.org; Thu, 27 Jan 2005 21:01:55 +0000
Date: Thu, 27 Jan 2005 21:01:55 +0000
From: Dick Davies
To: FreeBSD Questions
Message-ID: <20050127210155.GM57113@eris.tenfour>
References: <3388.192.168.1.150.1106853833.squirrel@vipersystems.biz>
	<41F94A5E.6020502@locolomo.org> <41F94F07.7000308@locolomo.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <41F94F07.7000308@locolomo.org>
User-Agent: Mutt/1.4.2.1i
Subject: Re: Syncing 3 Freebsd servers' accounts Question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Dick Davies
List-Id: User questions
X-List-Received-Date: Thu, 27 Jan 2005 21:01:59 -0000

* Erik Norgaard [0129 20:29]:
> I forgot:
>
> O'Reilly has a really good book on LDAP "LDAP System Administration" -
> includes a chapter on how to migrate from NIS to LDAP.

IMO that's one of the few bad O'Reilly books - if you want a really good
ldap tutorial, get "Understanding and Deploying LDAP Directory Services"
the O'Reilly book is more of a cookbook, but doesn't really explain what's
going on.

> And an honest advantage of NIS: Text files only, and LDAP with pam/nss
> is not supported on OpenBSD if you some day need to integrate with that OS.

Yeah, but NIS is horribly insecure. I doubt Theo would embrace it with
open arms :)
NetBSD is almost finished integrating pluggable nsswitch modules, I doubt
openbsd will be far behind.

No offence to the openbsd crew but if you waited for them to support
something before using it on freebsd you wouldn't be running much...

The flat file thing is a double-edged sword; it's trivial to dump and
restore a directory (at least openldap), and doesn't have the 'issues'
I've had with, say, SQL databases, where either you get too much
(accidentally try to restore the system tables) or too little (forget
the users).

And an LDAP directory is useful for much more than just distributed
password files, and is straightforward to replicate (don't know how
you'd do that with NIS) and fast too.

> Also, LDAP requires you to obtain Object Identifiers if you define new
> types, I haven't heard of OID that can be used for private/experimental
> purposes only (like the private ip address spaces).

There's no need to get an OID registered (unlike IP addresses; it's not
like it's routed) but it's free and they'll happily give you one if you ask.

-- 
'What have you done to the cat? It looks half-dead.'
		-- Schroedinger's wife
Rasputin :: Jack of All Trades - Master of Nuns