[mythtv-users] [SLIGHTLY-OT] LDAP vs NIS vs NFS

Paul Bender pebender at san.rr.com
Fri Jul 4 02:37:30 UTC 2008


Matt White wrote:
> Brad Fuller wrote:
>> I'm always having to make sure the uid and gid's are the same for NFS
>> on all my boxes and it's a pain everytime I add a box. I read
>> somewhere that NIS would be a better way to go, that I wouldn't have
>> to worry about that. Anyone using NIS? Is LDAP a better way to go. I
>> see it's much more secure, but from my investigations it sure looks
>> tough installing.
> 
> I use LDAP at work and at home.  I have used NIS in the past - as others 
> have said, if you're not already doing NIS, don't bother.  LDAP is "the 
> way of the future" (ooh!)
> 
> I just wanted to point you at a very helpful set of tools for getting 
> started with LDAP.  Check out smbldap-tools...it makes it very easy to 
> set up a basic LDAP tree for Linux and Samba authentication, and 
> provides you with easy scripts to manage users & groups.

Yes, the smbldap-tools can be very useful. Especially when you want to 
make your Linux+Samba server into a Microsoft Windows domain controller.

The mention of these tools made me think of something else that I 
encountered when converting my home network to LDAP.

For those venturing into using LDAP, be sure you familiarize yourself 
with the difference between IETF RFC-2307 and IETF RFC-2307bis. While 
IETF RFC-2307bis never made it beyond the IETF ID 
draft-howard-rfc2307bis-01.txt (at least as far as I know), it is 
relatively well supported and more flexible than IETF RFC-2307. For my 
home network, I chose to follow defacto standard 2307bis rather than 
actual standard (technically RFC) 2307. If you decide to go with 
2307bis, then you will want a 2307bis OpenLDAP schema file.

It was the differences between 2307 and 2307bis that caused me to create 
patches for certain services/daemons (i.e. SASL and RADIUS). Thankfully, 
these patches have become part of the upstream packages. Therefore, as 
long as you are using versions at least as new as the versions in RHEL5, 
the patches are included.


More information about the mythtv-users mailing list