-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

news_searcher wrote:
| Does anyone have any admin suggestions for propagating ( mass changing
) of
| a users password across a networked linux farm? I have seen one method
| using an "expect" script, but expect is not distributed on these servers.
|
|
Perhaps you should look at ldap to manage password authentication. Its
ideally suited for a networked environment with lots of computers to be
administered (as one).

http://www.openldap.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFACW4qkY9EF6QEdTkRAkgVAKCCL+qwJJ6rm7zWtOAj3r asSsV2kACdFX3l
20DPt62a/YXO68bnkc88o0E=
=JQ+y
-----END PGP SIGNATURE-----

On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> news_searcher wrote:
> | Does anyone have any admin suggestions for propagating ( mass changing
> ) of
> | a users password across a networked linux farm? I have seen one method
> | using an "expect" script, but expect is not distributed on these servers.
> |
> |
> Perhaps you should look at ldap to manage password authentication. Its
> ideally suited for a networked environment with lots of computers to be
> administered (as one).
>
> http://www.openldap.org/

Am I the only person to look at this and say "what does it do ?" and
"whats it for ?"

The descriptions are clever, but I still don't understand what its for !!!!

Is it a domain controller ? A Filesystem ? A database ? A replacement for
DNS ?????

"root" quoted and wrote in message
newsan.2004.01.18.08.44.02.728333@home.com

>> http://www.openldap.org/
>
> Am I the only person to look at this and say "what does it do ?" and
> "whats it for ?"
>
> The descriptions are clever, but I still don't understand what its
> for !!!!
>
> Is it a domain controller ? A Filesystem ? A database ? A
> replacement for DNS ?????

http://www.tldp.org/HOWTO/LDAP-HOWTO/ answers all your questions.

--
use hotmail for any email replies



-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

root wrote:
| On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
|>Perhaps you should look at ldap to manage password authentication. Its
|>ideally suited for a networked environment with lots of computers to be
|>administered (as one).
|>
|>http://www.openldap.org/
|
|
| Am I the only person to look at this and say "what does it do ?" and
| "whats it for ?"
|
| The descriptions are clever, but I still don't understand what its for
!!!!
|
| Is it a domain controller ? A Filesystem ? A database ? A replacement for
| DNS ?????
|

OpenLDAP is a directory server. LDAP stands for Lightweight Directory
Access Protocol.

It is big on security, so much so that you can securely setup clients to
authenticate users not with the local password database (/etc/passwd)
but with the "database" or directory stored on the trusted LDAP server.

In simpler terms, the client computers let the LDAP server check wether
the username/password is correct. (So you only need to manage the
username/passwords on the one computer, the LDAP server.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFACo21kY9EF6QEdTkRAnfbAJ9L9PpBgNGEMRDdnDru5Z vK8uBQOQCeKgnS
NHqkoHSl8zMg6wDDF+ws5xk=
=mny5
-----END PGP SIGNATURE-----

On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> root wrote:
> | On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
> |>Perhaps you should look at ldap to manage password authentication. Its
> |>ideally suited for a networked environment with lots of computers to be
> |>administered (as one).
> |>
> |>http://www.openldap.org/
> |
> |
> | Am I the only person to look at this and say "what does it do ?" and
> | "whats it for ?"
> |
> | The descriptions are clever, but I still don't understand what its for
> !!!!
> |
> | Is it a domain controller ? A Filesystem ? A database ? A replacement for
> | DNS ?????
> |
>
> OpenLDAP is a directory server. LDAP stands for Lightweight Directory
> Access Protocol.
>
> It is big on security, so much so that you can securely setup clients to
> authenticate users not with the local password database (/etc/passwd)
> but with the "database" or directory stored on the trusted LDAP server.
>
> In simpler terms, the client computers let the LDAP server check wether
> the username/password is correct. (So you only need to manage the
> username/passwords on the one computer, the LDAP server.)
>
Thanks, I think they need to add a simple "what is this typically for" to
their documentation, I read 5 pages of into in the FAQ and had less idea
when I finished than I thought I had when I started ;-) !

Unix network projects seem to tread on each others toes ?? For example if
you authenticate with LDAP I guess you can get a home directory etc.... in
the M/Soft world that would be a "domain controller" - but hang on isn't
the unix domain controller NIS ... or this is LDAP intended as a
replacement for NIS?

Also in windows at the client can "mount" the network volume
for the user, in unix file systems are statically mounted... doest this
make things a bit clunky for large distributed networks or is what i'm
reading out of date for linux ?

Cheers, Jon

"root" wrote in message
newsan.2004.01.19.11.26.41.98208@home.com...
> On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > root wrote:
> > | On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
> > |>Perhaps you should look at ldap to manage password authentication. Its
> > |>ideally suited for a networked environment with lots of computers to
be
> > |>administered (as one).
> > |>
> > |>http://www.openldap.org/
>
> ... or this is LDAP intended as a replacement for NIS?
>

A few years ago we used NIS for sharing Unix account information and
passwords. Is NIS obsolete? Can someone point out advantages or
disadvantages of LDAP versus NIS? Can LDAP be integrated with Windows
Active Directory?

Thanks very much.

George Elkins

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

root wrote:
| On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:
|
|
|>-----BEGIN PGP SIGNED MESSAGE-----
|>Hash: SHA1
|>
|>root wrote:
|>| On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
|>|>Perhaps you should look at ldap to manage password authentication.
[snip]
|>
|>OpenLDAP is a directory server. LDAP stands for Lightweight Directory
|>Access Protocol.
|>
|>It is big on security, so much so that you can securely setup clients to
|>authenticate users not with the local password database (/etc/passwd)
|>but with the "database" or directory stored on the trusted LDAP server.
|>
|>In simpler terms, the client computers let the LDAP server check wether
|>the username/password is correct. (So you only need to manage the
|>username/passwords on the one computer, the LDAP server.)
|>
|
[snip]
| Unix network projects seem to tread on each others toes ?? For example if
| you authenticate with LDAP I guess you can get a home directory etc.... in
| the M/Soft world that would be a "domain controller" - but hang on isn't
| the unix domain controller NIS ... or this is LDAP intended as a
| replacement for NIS?

Not really. It was designed with more in mind. It just happens to be
good at authentication. LDAP can do so much more, like provide a
directory of email address for your email client, to name just one.

For more on LDAP and authentication, see
http://www.mandrakesecure.net/en/docs/ldap-auth.php
To get this link I googled ldap authentication. Came 3rd.
http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html
came 5th. C'mon, to google is good.

|
| Also in windows at the client can "mount" the network volume
| for the user, in unix file systems are statically mounted... doest this
| make things a bit clunky for large distributed networks or is what i'm
| reading out of date for linux ?
Network filesystems aren't statically mounted anymore. google automount
for info. Its been around for quite a while now (couple of years).

There is also a great "alternative" to traditional network mounts,
Intermezzo. Its a true distributed filesystem, has many great features,
with few of the disadvantages of traditional shares.

As a side note, you might want to have a look at
http://www.catb.org/~esr/faqs/smart-questions.html if you want
answers/non-impatient answers to your questions. I've decided only today
that I don't have the time to answer questions from people who haven't
read "How To Ask Questions The Smart Way".

Sorry if I seem impatient, because thats what I am atm. Most of this
post could have been googled.

- --
Ben M.

- ----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.

What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harrasment).

Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.

Read about the ongoing battlUntitled 1e at http://swpat.ffii.org/
- ----------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFADARwkY9EF6QEdTkRAsCvAJ9IYjkx3Y3+ghjFnchX4b NjY9zjVgCeJ3TS
FyM3UKslOPPEwH+FSQpHYAk=
=5u1l
-----END PGP SIGNATURE-----

On Mon, 19 Jan 2004 16:23:13 +0000, Ben Measures wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> root wrote:
> | On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:
> |
> |
> |>-----BEGIN PGP SIGNED MESSAGE-----
> |>Hash: SHA1
> |>
> |>root wrote:
> |>| On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
> |>|>Perhaps you should look at ldap to manage password authentication.
> [snip]
> |>
> |>OpenLDAP is a directory server. LDAP stands for Lightweight Directory
> |>Access Protocol.
> |>
> |>It is big on security, so much so that you can securely setup clients to
> |>authenticate users not with the local password database (/etc/passwd)
> |>but with the "database" or directory stored on the trusted LDAP server.
> |>
> |>In simpler terms, the client computers let the LDAP server check wether
> |>the username/password is correct. (So you only need to manage the
> |>username/passwords on the one computer, the LDAP server.)
> |>
> |
> [snip]
> | Unix network projects seem to tread on each others toes ?? For example if
> | you authenticate with LDAP I guess you can get a home directory etc.... in
> | the M/Soft world that would be a "domain controller" - but hang on isn't
> | the unix domain controller NIS ... or this is LDAP intended as a
> | replacement for NIS?
>
> Not really. It was designed with more in mind. It just happens to be
> good at authentication. LDAP can do so much more, like provide a
> directory of email address for your email client, to name just one.
>
> For more on LDAP and authentication, see
> http://www.mandrakesecure.net/en/docs/ldap-auth.php
> To get this link I googled ldap authentication. Came 3rd.
> http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html
> came 5th. C'mon, to google is good.
>
> |
> | Also in windows at the client can "mount" the network volume
> | for the user, in unix file systems are statically mounted... doest this
> | make things a bit clunky for large distributed networks or is what i'm
> | reading out of date for linux ?
> Network filesystems aren't statically mounted anymore. google automount
> for info. Its been around for quite a while now (couple of years).
>
> There is also a great "alternative" to traditional network mounts,
> Intermezzo. Its a true distributed filesystem, has many great features,
> with few of the disadvantages of traditional shares.
>
> As a side note, you might want to have a look at
> http://www.catb.org/~esr/faqs/smart-questions.html if you want
> answers/non-impatient answers to your questions. I've decided only today
> that I don't have the time to answer questions from people who haven't
> read "How To Ask Questions The Smart Way".
>
> Sorry if I seem impatient, because thats what I am atm. Most of this
> post could have been googled.
>
>

For a clever person thats a bit of a stupid response. The reason to ask a
question like "whats it for" or "is this obselete" is because it can only
be answered by the users.

googling for information is fine, but how do I as someone who doesn't use
NIS for example know whats up to date and whats not. If I wanted the
manual I would rust RTFM - I news post because I wanted the opinion.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

George Elkins wrote:
|
| A few years ago we used NIS for sharing Unix account information and
| passwords. Is NIS obsolete?
You're still free to use NIS, but there are better ways now (read easier
to administer).

| Can someone point out advantages or disadvantages of LDAP versus NIS?
Google can. searching for ldap athentication gave
http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html

| Can LDAP be integrated with Windows Active Directory?
Don't really know that one. Try another newsgroup like
comp.os.ms-windows.nt.admin.networking

| Thanks very much.
|
| George Elkins

- --
Ben M.

- ----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.

What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harrasment).

Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.

Read about the ongoing battlUntitled 1e at http://swpat.ffii.org/
- ----------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFADBaykY9EF6QEdTkRAslrAJ4tdT6eTw+siieydMZNwu QgFtdQaQCfelKj
0wVjYV9TeXAChDAUJAUEPr4=
=WoJT
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

root wrote:
| On Mon, 19 Jan 2004 16:23:13 +0000, Ben Measures wrote:
|
|
|>-----BEGIN PGP SIGNED MESSAGE-----
|>Hash: SHA1
|>
|>root wrote:
|>| On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:
|>|
|>|
|>|>-----BEGIN PGP SIGNED MESSAGE-----
|>|>Hash: SHA1
|>|>
|>|>root wrote:
|>|>| On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
|>|>|>Perhaps you should look at ldap to manage password authentication.
|>[snip]
|>|>
|>|>OpenLDAP is a directory server. LDAP stands for Lightweight Directory
|>|>Access Protocol.
|>|>
|>|>It is big on security, so much so that you can securely setup clients to
|>|>authenticate users not with the local password database (/etc/passwd)
|>|>but with the "database" or directory stored on the trusted LDAP server.
|>|>
|>|>In simpler terms, the client computers let the LDAP server check wether
|>|>the username/password is correct. (So you only need to manage the
|>|>username/passwords on the one computer, the LDAP server.)
|>|>
|>|
|>[snip]
|>| Unix network projects seem to tread on each others toes ?? For
example if
|>| you authenticate with LDAP I guess you can get a home directory
etc.... in
|>| the M/Soft world that would be a "domain controller" - but hang on isn't
|>| the unix domain controller NIS ... or this is LDAP intended as a
|>| replacement for NIS?
|>
|>Not really. It was designed with more in mind. It just happens to be
|>good at authentication. LDAP can do so much more, like provide a
|>directory of email address for your email client, to name just one.
|>
|>For more on LDAP and authentication, see
|>http://www.mandrakesecure.net/en/docs/ldap-auth.php
|>To get this link I googled ldap authentication. Came 3rd.
|>http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html
|>came 5th. C'mon, to google is good.
|>
|>|
|>| Also in windows at the client can "mount" the network volume
|>| for the user, in unix file systems are statically mounted... doest this
|>| make things a bit clunky for large distributed networks or is what i'm
|>| reading out of date for linux ?
|>Network filesystems aren't statically mounted anymore. google automount
|>for info. Its been around for quite a while now (couple of years).
|>
|>There is also a great "alternative" to traditional network mounts,
|>Intermezzo. Its a true distributed filesystem, has many great features,
|>with few of the disadvantages of traditional shares.
|>
|>As a side note, you might want to have a look at
|>http://www.catb.org/~esr/faqs/smart-questions.html if you want
|>answers/non-impatient answers to your questions. I've decided only today
|>that I don't have the time to answer questions from people who haven't
|>read "How To Ask Questions The Smart Way".
|>
|>Sorry if I seem impatient, because thats what I am atm. Most of this
|>post could have been googled.
|>
|>
|
|
| For a clever person thats a bit of a stupid response. The reason to ask a
| question like "whats it for" or "is this obselete" is because it can only
| be answered by the users.
I didn't say it was a stupid question. I just pointed out that the
question "What is LDAP for?" has already been answered and indexed in
google. Nevertheless I did take time out to extrapolate a little.

| googling for information is fine, but how do I as someone who doesn't use
| NIS for example know whats up to date and whats not. If I wanted the
| manual I would rust RTFM - I news post because I wanted the opinion.
There was one question asking for an opinion - "Unix network projects
seem to tread on each others toes ??". Understandably, I ignored that
and graciously answered all others, albeit with a few references to
links I found on google.

Usenet is a very hostile place, and I'm sorry to see it so. I apologise
if I have been seen to have perpetuated the situation. Btw, which part
of my response warranted the name "stupid"? I do admit that
|> Network filesystems aren't statically mounted anymore. google
|> automount for info. Its been around for quite a while now (couple of
|> years).
might have seemed hostile and I do apologise for that. I didn't mean it
that way. Allow me to rephrase:
|> Network filesystems in linux now have a dynamic mounter called
|> automount, and is now quite thoroughly tested. Please google
|> automount for more info.

Lets all get along, eh?

- --
Ben M.

- ----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.

What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harrasment).

Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.

Read about the ongoing battlUntitled 1e at http://swpat.ffii.org/
- ----------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFADBuCkY9EF6QEdTkRAn29AKDFOWldTVoN2khsbyAZ3R IeoJwbTwCePxyj
5Ia1Gmqx2uj1jRO7Rvsd8e4=
=wL6s
-----END PGP SIGNATURE-----

On Mon, 19 Jan 2004 18:01:38 +0000, Ben Measures wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> root wrote:
> | On Mon, 19 Jan 2004 16:23:13 +0000, Ben Measures wrote: | |
> |>-----BEGIN PGP SIGNED MESSAGE-----
> |>Hash: SHA1
> |>
> |>root wrote:
> |>| On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote: |>| |>|
> |>|>-----BEGIN PGP SIGNED MESSAGE----- |>|>Hash: SHA1 |>|> |>|>root
> wrote:
> |>|>| On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
> |>|>|>Perhaps you should look at ldap to manage password authentication.
> |>[snip]
> |>|>
> |>|>OpenLDAP is a directory server. LDAP stands for Lightweight
> Directory |>|>Access Protocol.
> |>|>
> |>|>It is big on security, so much so that you can securely setup
> clients to |>|>authenticate users not with the local password database
> (/etc/passwd) |>|>but with the "database" or directory stored on the
> trusted LDAP server. |>|>
> |>|>In simpler terms, the client computers let the LDAP server check
> wether |>|>the username/password is correct. (So you only need to manage
> the |>|>username/passwords on the one computer, the LDAP server.) |>|>
> |>|
> |>[snip]
> |>| Unix network projects seem to tread on each others toes ?? For
> example if
> |>| you authenticate with LDAP I guess you can get a home directory
> etc.... in
> |>| the M/Soft world that would be a "domain controller" - but hang on
> isn't |>| the unix domain controller NIS ... or this is LDAP intended as
> a |>| replacement for NIS?
> |>
> |>Not really. It was designed with more in mind. It just happens to be
> |>good at authentication. LDAP can do so much more, like provide a
> |>directory of email address for your email client, to name just one. |>
> |>For more on LDAP and authentication, see
> |>http://www.mandrakesecure.net/en/docs/ldap-auth.php |>To get this link
> I googled ldap authentication. Came 3rd.
> |>http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html |>came
> 5th. C'mon, to google is good. |>
> |>|
> |>| Also in windows at the client can "mount" the network volume |>| for
> the user, in unix file systems are statically mounted... doest this |>|
> make things a bit clunky for large distributed networks or is what i'm
> |>| reading out of date for linux ?
> |>Network filesystems aren't statically mounted anymore. google
> automount |>for info. Its been around for quite a while now (couple of
> years). |>
> |>There is also a great "alternative" to traditional network mounts,
> |>Intermezzo. Its a true distributed filesystem, has many great
> features, |>with few of the disadvantages of traditional shares. |> |>As
> a side note, you might want to have a look at
> |>http://www.catb.org/~esr/faqs/smart-questions.html if you want
> |>answers/non-impatient answers to your questions. I've decided only
> today |>that I don't have the time to answer questions from people who
> haven't |>read "How To Ask Questions The Smart Way". |> |>Sorry if I
> seem impatient, because thats what I am atm. Most of this |>post could
> have been googled.
> |>
> |>
> |
> |
> | For a clever person thats a bit of a stupid response. The reason to
> ask a | question like "whats it for" or "is this obselete" is because it
> can only | be answered by the users.
> I didn't say it was a stupid question. I just pointed out that the
> question "What is LDAP for?" has already been answered and indexed in
> google. Nevertheless I did take time out to extrapolate a little.
>
> | googling for information is fine, but how do I as someone who doesn't
> use | NIS for example know whats up to date and whats not. If I wanted
> the | manual I would rust RTFM - I news post because I wanted the
> opinion. There was one question asking for an opinion - "Unix network
> projects seem to tread on each others toes ??". Understandably, I
> ignored that and graciously answered all others, albeit with a few
> references to links I found on google.
>
> Usenet is a very hostile place, and I'm sorry to see it so. I apologise
> if I have been seen to have perpetuated the situation. Btw, which part
> of my response warranted the name "stupid"? I do admit that |> Network
> filesystems aren't statically mounted anymore. google |> automount for
> info. Its been around for quite a while now (couple of |> years). might
> have seemed hostile and I do apologise for that. I didn't mean it that
> way. Allow me to rephrase:
> |> Network filesystems in linux now have a dynamic mounter called |>
> automount, and is now quite thoroughly tested. Please google |>
> automount for more info.
>
> Lets all get along, eh?
>
Sorry to be so blunt !

I wasn't after a fight. I was just trying to point out that I can read
as well as drive google..... that I am not simply lazy - and judging by
the other responses in this thread also not the only one confused.

As for stupid - pointing me at a URL called "smart questions" and telling
me to google was a stupid answer to an opinion question. Until google has
a "whats the best tool for job X" search criteria all it will do is point
the lost at a sea of mess. Questions like "what is linux" is a google type
question ... however questions like "whats the best tool for domain
authentication with linux" is not. Perhaps stupid was an emotive term, if
you look carefully I didn't call you stupid, just the statement :-) I will
try more tact next time. I lack social skills and tact so I might make
sysadmin yet :-D

http://www.google.com/search?hl=en&i...=Google+Search

What you get are a large number of pages about PHP !

LDAP is a project thats documented like somebody trying to explain a car
by the components, before saying its a means of transport and people go
places in it ! Its so hung up on all its exciting possibilities it leaves
people looking at it for first time unsure what its focus is.

The explanations in this thread have been very useful.

The problem I have is the same problem most linux newbies have. When
trying to solve a problem, say domains for example its very difficult to
know what the best/current practice is.

In the mono windows world you typically have one tool - NT Domain
controller for example. With linux it seems to have no standard setup for
situations like this......

You start with a linux distribution then configure an Authentication
system, then a network system, then you claim an automounter - though I
have only seen this used for disks/cds not network mounts, but my
experience is minimal....

From my point of view (as an ex NT person) Linux does seem to have network
tools that tread on each others toes... its just an observation. Its not
one tool/configuration for one job its four tools for any given job -
often with all 4 <100% good ! Life would be simpler if linux has one tool
clear in purpose and design, that was 100% good - no decisions to make, no
traps for inexperienced, thats how Microsoft sell... dumb=simple=sells ;-)

I could authenticate with a replicated passwd file, or LDAP or
radius or even SSL. Then the user could get a home directory on NFS or
SMB or one of the many (not well supported) cluster filesystems (about
time the kernel had one of these and called it the standard ?).

Nobody in the commercial world wants to build large systems using tools
that die or don't work well, so its difficult know which horse to back for
any solution.

Some things like web server are an easy choice, its apache ! But network
what do you back ? NFS ... linux still seems to have nasty NFS. I'm using
Redhat 9 with latest updates, still doesn't fantastically well :-(

News will always offer users the chance to say "what are you using" and
"what works well" - google and the manual pages will never tell me that.

On Sun, 18 Jan 2004 00:54:30 -0800, ynotssor wrote:

> "root" quoted and wrote in message
> newsan.2004.01.18.08.44.02.728333@home.com
>
>>> http://www.openldap.org/
>>
>> Am I the only person to look at this and say "what does it do ?" and
>> "whats it for ?"
>>
>> The descriptions are clever, but I still don't understand what its
>> for !!!!
>>
>> Is it a domain controller ? A Filesystem ? A database ? A
>> replacement for DNS ?????
>
> http://www.tldp.org/HOWTO/LDAP-HOWTO/ answers all your questions.
>

No it doesn't - I read introduction from this before I posted, my question
was more a "WHATFOR" than a "HOWTO".

This HOWTO explains setup for people who know already know what its for or
why they want to use it.

Its been answered now.

Cheers,
Jon

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

root wrote:
| Questions like "what is linux" is a google type question ... however
| questions like "whats the best tool for domain authentication with
| linux" is not.

I'm sorry, I didn't get that you were trying to ask that kinda question.
Glad we got that cleared up (reasonably) amicably. As to the best for
network authentication, I've heard great things about Kerberos
http://web.mit.edu/kerberos/www/ . Windows doesn't have support for it tho.

| In the mono windows world you typically have one tool - NT Domain
| controller for example. With linux it seems to have no standard setup for
| situations like this......
|
| From my point of view (as an ex NT person) Linux does seem to have network
| tools that tread on each others toes... its just an observation.

I'll try to explain my view of why this is.

Linux is based on "free software". In this case, people write the
software because they have a need, and the software provides a solution.
If a somebody feels a certain "solution" doesn't fit their need, they
modify it, or come up with another that does.

So there will never be a "standard" solution. At best you'll get a
program that happens to fit with most people's needs, at that point in
time. As soon as people need something different, some other program
will become king. Survival of the fittest.

Conversely, with WindowsNT being like a complete distribution now
(rather than "just" an operating system), you get a couple of disks to
load onto your computer, and these basically do what most people what
their computers to do.

The plus side is that you get one program to do one job. The downside
is, you get one program to do one job - if your job has special
requirements, then damn them.

| Its not one tool/configuration for one job its four tools for any
| given job - often with all 4 <100% good !

Oooo, thats blasphemous! Seriously tho, Linux tools are considered to do
their particular job *much* better than their Windows counterparts.

| Life would be simpler if linux has one tool clear in purpose and
| design, that was 100% good - no decisions to make, no traps for
| inexperienced, thats how Microsoft sell... dumb=simple=sells ;-)

I'll have to disagree with you here. Most of the tools used in Linux
(now) have good documentation, albeit a little verbose. For reasons
explained above, these tools also have a very particular purpose (even
if its something like a "general-purpose database"). And their stablity
is second to none (my definition of "good" is how infrequently it
chrashes/breaks).

On the otherhand, there are many traps for the inexperienced. With so
much choice, something will go wrong if you make the wrong one. With
Windows, you can only try one program to solve your problem.

Flexibility (usually) comes at the cost of fewer choices. You can't have
both. Its just that the "Linux world" chose to make more choices and get
more flexibility.

| I could authenticate with a replicated passwd file, or LDAP or
| radius or even SSL. Then the user could get a home directory on NFS or
| SMB or one of the many (not well supported) cluster filesystems (about
| time the kernel had one of these and called it the standard ?).

Again I must express my disagreement and say that all of the filesystems
in the kernel.org kernel have good support and are well maintained.
Secondly none of these will become the "standard" thing to use because
flexibility is good, and by inference so is choice. You will always be
able to choose between many implementations as long as they're around.

| Nobody in the commercial world wants to build large systems using tools
| that die or don't work well, so its difficult know which horse to back for
| any solution.

Thats why the companies like Red Hat and IBM do so well with selling
Linux-based solutions. The commercial world gives IBM their problem and
IBM make the necessary choices to fit their solution. The reason that
the commercial world is choosing Unix/Linux more (for mission critical
work) is simply because of the flexibility (and extreme stability) it
offers. (Windows *desktops* still pervade the commercial world for the
simple reason that they teach it at school! Barefaced cheek!!!
Government sponsored monopoly, thats what it is, not bloody IT... but
thats another story, hehe)

| Some things like web server are an easy choice, its apache ! But network
| what do you back ? NFS ... linux still seems to have nasty NFS.

Do whats right for you. I know that sounds stupid, but thats what it
comes down to. If you don't know whats the best tool for your job, pick
one. If it doesn't fit, try another. Research is very important, but
there comes a time to jump in and swim.

Of course if you don't have the time for research and trying of
solutions, you can always leave the choices up to Microsoft. However,
you will then have to make sure your problem fits the solution instead
of the other way around, and this is a pain to administer if your
problem is sufficiently different.

(Whilst were talking about it, there are plenty of other choices for
http webservers, for all the different needs.)

| News will always offer users the chance to say "what are you using" and
| "what works well" - google and the manual pages will never tell me that.

Usenet is great for those sort of questions, as long as you ask well and
are lucky enough to find patient people.

Man pages will never and should never tell any info other than for
program it supports.

Google, on the otherhand, can be used for general opinion. More likely,
you will find more documentation and support for the programs most used.
Squeezing google is a very good skill to have in the vastness of the
internet. I praise the Google. Hommmm

Then again, it was Usenet that gave you this answer...

- --
Ben M.

- ----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.

What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harrasment).

Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.

Read about the ongoing battlUntitled 1e at http://swpat.ffii.org/
- ----------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFADHvHkY9EF6QEdTkRAqe0AJ9o6IM/A4POymioNqeC/aDYO1O3VgCeKR6p
kyFDK6wZXCq1qkRm/c+KXGI=
=GXh8
-----END PGP SIGNATURE-----

"Ben Measures" wrote in message
news:TEUOb.1456$LU2.1035@news-binary.blueyonder.co.uk...
>
> George Elkins wrote:
> |
> | Can someone point out advantages or disadvantages of LDAP versus NIS?
> Google can. searching for ldap authentication gave
> http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html
>

That helps. Thanks.

George Elkins