# LDAP vs NIS?

## Nitro

Has anyone set up either LDAP or NIS successfully? I just want something that will keep all my UIDs, GIDs, and passwords the same across several Linux boxes. I want it to work securely, cleanly and transparently.

I tried reading up on them and as I understand it NIS was developed by Sun and ported to Linux, and is still in part closed source. LDAP on the other hand is completely open source and capable of handling more than just user authentication?

Am I correct or am I missing something? I can't seem to get LDAP working. From what I've read, LDAP is a better solution, yes?

----------

## ves

I've never played with NIS, but LDAP is pretty cool. I've used it before to set up a qmail/ldap pop toaster.

----------

## Target

I haven't set up LDAP since my network is small and I never add new users. I just copied passwd/shadow/group around. :p

I have heard that it can be used to store things like certificates, so you could use PKI to authenticate users instead of passwords if you wanted to.

----------

## ozric100

If you are up to it.  http://www.arlut.utexas.edu/gash2/

----------

## bart

Nitro, you told me you got LDAP up and running. I don't understand it completely. What am I doing wrong?

I installed 'openldap' and 'pam_ldap' on both the server and the client. I replaced the original 'pam.d' directory from '/etc' with the 'pam.d' directory in '/usr/doc/pam_ldap-134-r1' and unzipped all the files.

Then I edited some config files:

/etc/ldap.conf on server:

```
host 127.0.0.1  # localhost
base dc=localdomain  # networkname
```

/etc/ldap.conf on client:

```
host 192.168.1.4  # IP for server
base dc=localdomain  # networkname
```

/etc/openldap/ldap.conf on server:

```
BASE dc=localdomain
```

/etc/openldap/ldap.conf on client:

```
BASE dc=localdomain
```

Isn't it confusing to have both '/etc/ldap.conf' and '/etc/openldap.conf'? Or am I doing something wrong?

/etc/openldap/slapd.conf on server:

```
include /etc/openldap/schema/core.schema
pidfile /var/state/slapd.pid
argsfile /var/state/slapd.args
database ldbm
suffix "dc=localdomain"
rootdn "cn=Manager,dc=localdomain"
rootpw secret
directory /var/state/openldap-ldbm
index objectClass eq
```

That should be okay for now, shouldn't it?

So, I started slapd on the server:

```
/etc/init.d/slapd start
```

To see if it is running:

```
nmap 192.168.1.4
...
389/tcp  open  ldap
...
```

That looks okay.

What to do now? I don't need the 'slurpd' daemon. True?

ldapsearch on the server works fine:

```
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
```

tells me:

```
version: 2
dn:
namingContexts: dc=localdomain
search: 2
result: 0 Success
```

But on the client it fails:

```
ldap_bind: Can't contact LDAP server
```

I don't know what to do now  :Rolling Eyes: 

I think I have to start some kind of daemon on the clients too, but which?

----------
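Added example, not part of bart's post or of the thread: the configuration posted above keeps `rootpw` in cleartext and points the client at plain LDAP on port 389. This Python sketch flags both settings and builds a `{SSHA}` value of the kind `slappasswd` prints; the function names and sample strings are constructed for illustration.

```python
import base64
import hashlib
import os
import re

# Constructed sample input: directives copied from the configuration posted above.
SLAPD_CONF = 'suffix "dc=localdomain"\nrootdn "cn=Manager,dc=localdomain"\nrootpw secret\n'
CLIENT_CONF = "host 192.168.1.4  # IP for server\nbase dc=localdomain  # networkname\n"


def directives(text):
    """Parse 'keyword value' lines into a dict, ignoring '#' comments and blanks."""
    parsed = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1] if len(parts) > 1 else ""
            parsed[parts[0].lower()] = value.strip().strip('"')
    return parsed


def ssha(password, salt=None):
    """Build a salted SHA-1 value in the {SSHA} form that slappasswd prints."""
    salt = salt or os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def audit(slapd_text, client_text):
    """Return findings for a cleartext rootpw and for an unencrypted client."""
    findings = []
    slapd, client = directives(slapd_text), directives(client_text)
    # A missing rootpw is not flagged; a value without a {SCHEME} prefix is cleartext.
    scheme = re.match(r"\{([A-Za-z0-9-]+)\}", slapd.get("rootpw", "{none}"))
    if scheme is None or scheme.group(1).upper() == "CLEARTEXT":
        findings.append("slapd.conf: rootpw is stored in cleartext")
    ldaps = client.get("uri", "").lower().startswith("ldaps://")
    tls = client.get("ssl", "").lower() in ("on", "start_tls")
    if not (ldaps or tls):
        findings.append("ldap.conf: no ldaps:// uri or ssl setting, binds are sent unencrypted")
    return findings


if __name__ == "__main__":
    for finding in audit(SLAPD_CONF, CLIENT_CONF):
        print(finding)
    print("hashed rootpw line: rootpw", ssha("example-only-password"))
```
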

## tebers

Well, if you want to read good material about LDAP, I can recommend an IBM Redbook

link

or 

link

or just go to www.redbooks.ibm.com and search for LDAP.

They have really tons of good documentation there.

As I remember, IBM and Lotus have been really heavily involved with creating LDAP.

thorsten

----------

## Guest

I've tried LDAP and NIS. I chose LDAP because it was much simpler to integrate with Samba. With NIS, it was a pain to synchronise passwords between Samba and Unix.

If you are looking to go with a pure Unix solution, then use LDAP for keeping UIDs and GIDs the same and Kerberos for authentication, and try to find as many kerberized services as you can. This way, you log in once, and you don't have to keep on re-authenticating.

----------

## ramirezevanswa

NIS is dying out everywhere. But LDAP may be overkill for a small home LAN. LDAP is very conciliatory but very complicated as well. Where I work we use it for authentication to our web site, but the other systems are a mix of NIS and mostly NIS+. I can set up a NIS domain for 50000 users in under 30 minutes for a global organization, including old hardware. Windows can work nicely with LDAP.

----------

## Nitro

Holy thread resurrection, Batman!

This thread is over 8 years old.  :Smile: 

----------

## cach0rr0

 :Laughing: 

Thread 1334.

We're up to ~850,000 now.

I don't think I could find a thread this old if I'd actively sought it out.

----------

