Re: coordinated NIS and LDAP servers




On Nov 4, 2011, at 2:48 PM, Boris Epstein <borepstein@xxxxxxxxx> wrote:

> Hello listmates,
> We are currently running NIS for authentication but would like to
> migrate to LDAP. Thing is, though, that some of the machines that
> authenticate via NIS are so old I'd rather not even touch them.
> Hence the question - is there a good way to have an NIS server for
> user authentication that is a mirror image of an LDAP server, with a
> proviso that an update introduced there is replicated in the LDAP
> server's databases?

You could have the NIS maps set up by your capable LDAP clients. Use getent on those boxes and filter out the local accounts, set them up as NIS servers, but make sure they don't reference both NIS and LDAP.

In my environment I have my NIS servers use winbind to get AD accounts into NIS as winbind will map Windows UUIDs to UIDs and GIDs. Just customized the map building scripts to use getent and filtered out the local accounts.

If I migrate over to OpenLDAP in the future I merely change this on the NIS servers. I could also merge both AD and OpenLDAP if UIDs and GIDs don't collide.

All authentication is handled by Kerberos, so password management doesn't need to fit in. The only thing that might require extra config is the shell management stuff. I just standardize on bash across the board here.

-Ross

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
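
The map-building step described in the reply above (getent output with local accounts filtered out), as an added example that is not part of the original message or the poster's own scripts. It also blanks the password field, since the reply leaves authentication to Kerberos, and flags the UID collisions mentioned for merged sources; the function names, the MIN_UID default of 1000 and all sample data are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. Sample data is constructed;
# the function names and the MIN_UID default of 1000 are assumptions.

# Usage on a directory-aware client: getent passwd | build_nis_passwd /etc/passwd
build_nis_passwd() {
    local_file=$1
    min_uid=${2:-1000}
    awk -F: -v OFS=: -v min="$min_uid" '
        phase == 1 { is_local[$1] = 1; next }      # names defined in local files
        NF != 7 { next }                           # not a passwd(5) record
        ($1 in is_local) { next }                  # filter out local accounts
        $3 !~ /^[0-9]+$/ || $3 + 0 < min { next }  # system or malformed UID
        ($3 in owner) && owner[$3] != $1 {         # merged sources share a UID
            print "UID collision: " owner[$3] " and " $1 " share " $3 | "cat >&2"
            bad = 1; next
        }
        ($3 in owner) { next }                     # exact duplicate entry
        { owner[$3] = $1; $2 = "*"; print }        # Kerberos does auth: no hash
        END { exit bad + 0 }
    ' phase=1 "$local_file" phase=2 -
}

# Constructed stand-in for /etc/passwd on the map-building host.
sample_local() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'ross:x:1000:1000:local admin:/home/ross:/bin/bash'
}

# Constructed stand-in for `getent passwd` (local files plus directory users).
sample_getent() {
    sample_local
    cat <<'EOF'
alice:$6$constructed$hash:10001:10000:Alice:/home/alice:/bin/bash
bob:*:10002:10000:Bob:/home/bob:/bin/bash
carol:*:10002:10000:Carol:/home/carol:/bin/bash
EOF
}

tmp=$(mktemp) && sample_local > "$tmp"
sample_getent | build_nis_passwd "$tmp"   # prints alice and bob, warns about carol
echo "exit status: $?"                    # non-zero when a collision was found
rm -f "$tmp"
```

A non-zero exit status lets the map build stop before publishing maps in which two names share one UID.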

