On Wed, 11 Jul 2001, kevin lyda wrote:
> with less than a dozen boxes is it worth it to use ldap?
no. with one caveat: ldap can be secure, nis can not be.
> what else will ldap give me?
nothing, except security and the ability to use a fancy GUI like
directory_administrator or gq.
and LDAP is a wee bit slower too, but not noticeable once you make
sure you have indexes for commonly queried attributes. however,
nss_ldap is, and forever will be, slow for apps that use get*ent().
Eg, don't ever use nss_ldap on a box that runs sendmail and processes
any kind of amount of mail.
> in the future i'll probably integrate these boxes with a network
> that does use ldap, but it will be a different ldap domain
> (correct terminology? - i mean this like a domain in nis terms).
you don't really have domains, you have a tree. it's like DNS.
different levels of the tree may or may not be under different
administrative authorities.
nice thing is that you can configure your machine to search for
accounts in multiple parts of the tree.
however, i think you'd need referrals to work properly for this, and
at the moment AFAICT in openldap they don't. or at least they don't
work invisibly like in DNS, and the openldap guys say that is within
spec and the app should know natively how to follow referrals, so
there's no need for the openldap library to do it.
> kevin
--paulj