SUMMARY: Netscape Directory Services, DNS, LDAP, etc...

From: jbeck (jbeck@dolsun.dol.state.nj.us)
Date: Fri Apr 07 2000 - 08:45:54 CDT


Received 4-5 responses.
According to one response, 2.8 allows ldap to be entered right in the nsswitch.conf file,
but no one attested to doing that yet.
That would be great.
And if anyone has info on a workable ldap client for 2.6 that would offer this same functionality, that'd be great.

Thanks to all for your feedback,
Joe

brief answers were:

---
Solaris 8 makes considerable inroads in migrating NIS information to an LDAP server.

If you're running Solaris 2.6 or Solaris 7, you may also be interested in an LDAP pam from PADL.

If you want to simply store the information in a Directory Server, and service the clients through the NIS protocols, PADL also sells software to make an LDAP/NIS gateway, so

Check out: http://www.padl.com/

---
In solaris 8 you can config the nsswitch.conf file to look at ldap

---
With Solaris (at least 7) you get the Easy Server CD. This contains Sun's LDAP server, where you can turn on NIS and RADIUS compatibility. Even if you use the netscape server, you can replicate to the Sun server to get NIS functionality. I have not tested any of this yet, but plan to do it.

Solaris 8 is supposed to come with a new Easy Server CD that has the new iPlanet LDAP server. This is the combined Sun-Netscape version, and from what I hear, there is a Sun addition to the iPlanet product on the CD that I expect to be the NIS and RADIUS stuff. Check it out.

---

______________________________________________________
Joe Beck Unix Administrator/Tax Redesign Project
jbeck@dol.state.nj.us
voice: (609)292-5785

attached mail follows:


With Solaris (at least 7) you get the Easy Server CD. This contains Sun's LDAP
server, where you can turn on NIS and RADIUS compatibility. Even if you use the
netscape server, you can replicate to the Sun server to get NIS functionality. I
have not tested any of this yet, but plan to do it.

Solaris 8 is supposed to come with a new Easy Server CD that has the new iPlanet
LDAP server. This is the combined Sun-Netscape version, and from what I hear, there
is a Sun addition to the iPlanet product on the CD that I expect to be the NIS and
RADIUS stuff. Check it out.

Birger


attached mail follows:


We've just started addressing this question ourselves, as we want to get
away from NIS for our user authorization. One of the DBAs mentioned LDAP
for such authentication, but we'd never heard that before.

We were under the impression that Sun is considering LDAP, but that no one
has actually made any moves in that direction.

We'll let you know if we turn anything up. And, we'll keep an eye out for a
summary if you find something of interest.

Michael Watson
michaelwatson@nfisg.com
Sun Systems Administrator
Norwest Financial Information Services Group
204 12th Street
MailStop - TSC 2nd Floor
Des Moines, IA 50309
Phone 515-557-7897
Pager 515-849-5064

-----Original Message-----
From: jbeck [mailto:jbeck@dolsun.dol.state.nj.us]
Sent: Tuesday, April 04, 2000 8:06 AM
To: 'sun-managers@sunmanagers.ececs.uc.edu'
Subject: Directory Services, NIS, LDAP, etc...

I've heard that sun is pushing to get away from nis/network information
name service in favor of ldap.
I'm curious if anyone has had experience with netscape's directory service
or like product which incorporates a centralized directory service, offering
network-accessible shared data for such things as user and group identification,
server identification, and access control information.

Is there a way (a nisclient equiv) to implement this so that hosts can
authenticate users by querying the directory server?
Interested in hearing other people's experiences with this as we'll be
rolling out a new (netscape) mail server taking advantage of ldap
functionality w/in our organization.
Regards,
joe
______________________________________________________
Joe Beck Unix Administrator/Tax Redesign Project
jbeck@dol.state.nj.us
voice: (609)292-5785


attached mail follows:


jbeck wrote:
>
> I've heard that sun is pushing to get away from nis/network information
> name service in favor of ldap.

In solaris 8 you can config the nsswitch.conf file to look at ldap
for hosts, users, etc. I am planning on using this but it has not
gotten to the top of my pile to do yet :)

> I'm curious if anyone has had experience with netscape's directory service
> or like product which incorporates a centralized directory service, offering
> network-accessible shared data for such things as user and group identification,
> server identification, and access control information.
>
> Is there a way (a nisclient equiv) to implement this so that hosts can
> authenticate users by querying the directory server?

See above for Solaris 8. If you look at padl.com I believe that there is
a PAM module for this. You may want to look at the iPlanet meta-directory
product as well.

Kent

-- 
Unix gives you enough rope to shoot yourself in the foot.
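
[Added example, not part of any message in this thread: a small parser for nsswitch.conf syntax that reports which lookups consult ldap and whether local files are checked first, which is what an administrator would review before pointing user and host resolution at a directory server. The sample file contents and the function names parse_nsswitch and ldap_report are constructed for illustration.]

```python
import re

# Constructed sample in nsswitch.conf syntax (not taken from the thread).
SAMPLE = """\
# /etc/nsswitch.conf (constructed example)
passwd:     files ldap
group:      files ldap
hosts:      ldap [NOTFOUND=return] files
netgroup:   ldap
services:   files
"""

def parse_nsswitch(text):
    """Return {database: [source, ...]}. A [STATUS=action] criterion is kept
    attached to the source it follows, e.g. 'ldap [NOTFOUND=return]'."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line or ":" not in line:
            continue
        db, rest = line.split(":", 1)
        sources = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if tok.startswith("["):
                if sources:                   # criterion applies to previous source
                    sources[-1] += " " + tok
            else:
                sources.append(tok.lower())
        table[db.strip().lower()] = sources
    return table

def ldap_report(table):
    """For each database that consults ldap, report the lookup order and
    whether the local files source is tried before the directory."""
    report = {}
    for db, sources in table.items():
        names = [s.split()[0] for s in sources]
        if "ldap" not in names:
            continue
        i = names.index("ldap")
        entry = sources[i].upper().replace(" ", "")
        report[db] = {
            "order": names,
            "files_first": "files" in names[:i],   # local accounts still resolve first
            "ldap_only": names == ["ldap"],         # no local fallback at all
            "stops_after_ldap": "NOTFOUND=RETURN" in entry,
        }
    return report

if __name__ == "__main__":
    for db, info in sorted(ldap_report(parse_nsswitch(SAMPLE)).items()):
        print(db, info)
```
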

attached mail follows:


Yes,

Solaris 8 makes considerable inroads in migrating NIS information to an LDAP server.

If you're running Solaris 2.6 or Solaris 7, you may also be interested in an LDAP pam
from PADL.

If you want to simply store the information in a Directory Server, and service the
clients through the NIS protocols, PADL also sells software to make an
LDAP/NIS gateway, so

Check out: http://www.padl.com/

Note: PADL is simply LDAP spelled backward.

jbeck wrote:

> I've heard that sun is pushing to get away from nis/network information
> name service in favor of ldap.
> I'm curious if anyone has had experience with netscape's directory service
> or like product which incorporates a centralized directory service, offering
> network-accessible shared data for such things as user and group identification,
> server identification, and access control information.
>
> Is there a way (a nisclient equiv) to implement this so that hosts can
> authenticate users by querying the directory server?
> Interested in hearing other people's experiences with this as we'll be
> rolling out a new (netscape) mail server taking advantage of ldap
> functionality w/in our organization.
> Regards,
> joe
> ______________________________________________________
> Joe Beck Unix Administrator/Tax Redesign Project
> jbeck@dol.state.nj.us
> voice: (609)292-5785

--
Matthew Lee Stier                  *  Fujitsu Network Communications
Unix Systems Administrator         |  Two Blue Hill Plaza
Ph: 914-731-2097 Fx: 914-731-2011  |  Sixth Floor
Matthew.Stier@fnc.fujitsu.com      *  Pearl River, NY 10965

attached mail follows:


This is at least the 3rd inquiry on this, without any answers. If you
get any, please post.
solaris 8 has the builtin netscape ldap, but I'm not sure how we can use
that to replace NIS. We too are looking to roll out the iplanet mail
server soon.

jbeck wrote:
>
> I've heard that sun is pushing to get away from nis/network information
> name service in favor of ldap.
> I'm curious if anyone has had experience with netscape's directory service
> or like product which incorporates a centralized directory service, offering
> network-accessible shared data for such things as user and group identification,
> server identification, and access control information.
>
> Is there a way (a nisclient equiv) to implement this so that hosts can
> authenticate users by querying the directory server?
> Interested in hearing other people's experiences with this as we'll be
> rolling out a new (netscape) mail server taking advantage of ldap
> functionality w/in our organization.
> Regards,
> joe
> ______________________________________________________
> Joe Beck Unix Administrator/Tax Redesign Project
> jbeck@dol.state.nj.us
> voice: (609)292-5785



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:06 CDT