DISCUSSION: NIS vs NIS+ vs LDAP

From: Steve Plemmons (plemmons@math.msu.edu)
Date: Thu Jan 22 2004 - 13:55:01 EST


I'd like to start a thread of discussion regarding the naming structures
NIS, NIS+ and LDAP and their merits or lack thereof.

We've been running Solaris systems for a long time and obviously started out
using NIS. When NIS+ came along, we jumped on board. It was more secure
and could be easily managed using the AdminSuite. This was fine for years.

Then, introduce LDAP. LDAP has been enticing because of the possibility of
meshing Windows naming structure with Solaris seamlessly. After looking at
the docs that were available, though, it looked like way more work than it
was worth.

Now, introduce the fact that Sun is abandoning NIS+ and AdminSuite can no
longer be used in Solaris 9.

I'm sure that I will get flamed for this, but I got really used to using
AdminSuite to manage NIS+. I have all my servers running Solaris 9 now and
am forced to manage it with command line tools. This is not all bad, but I
would still like to be able to pull up a GUI tool to manage some of this
stuff.

So, I am left with two choices. One, move back to NIS, or two, move to LDAP.

The move to NIS is certainly doable. I have experience with it and I could
use the SMC to manage it, but it seems like a move in the wrong direction
security-wise, etc.

Moving to LDAP seems like a good thing to do for many reasons, but it
appears to be a very big job. When NIS+ was introduced, it was an extension
of NIS and the setup has always been pretty straightforward, with all the
tables automatically created for use in Solaris, etc. All one had to do was
populate them and away we go.

Forgive me if I'm missing something, but LDAP doesn't seem to be this easy
at all. I have not read everything there is to read, but from what I have
read it appears that there is a lot of manual work to be done in setting
this up.

I suppose a third choice would be to just limp along with NIS+ until Sun
refines its LDAP installation to make it easier to set up.

I'd be interested in hearing some arguments to convince me one way or the
other. Maybe I'm missing the boat completely.

If it makes any difference, I have one NIS+ server, several other servers
that are clients, and a lab full of 8-10 machines that are clients. About
400 users.

One last note. I have bought the newest LDAP book written by Haines and
Bialaski, but haven't had time to read it. This may shed some new light
too.

Thanks,

Steve Plemmons
plemmons@math.msu.edu
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers


