Re: LDAP replacing NIS...?

> Has anyone tried to use LDAP to replace the NIS passwd (also hosts,

I started with OpenLDAP server and everything went okay. Then I tried Iplanet Directory Server, all things go fine, I haven't encountered any problem. Maybe you should have a look at your Solaris /etc/pam.conf file, whether all appropriate items are given their pam_ldap.so.1 authentication component. You should consult your nsswitch.conf file, as well. Check your manual pages for the ldap_cachemgr and appropriate configuration files in /var/ldap directory for exact configuration of search scope, service authentication method, etc. Have a look at your directory server's ACLs for userPassword, as well. My configuration works in Solaris 8 and 9 environments, it was tested also on Linux boxes to authenticate users, but I guess it needs some more work to be done with configuring nsswitch.conf and PAM.

> Given a mix of SunOS 4.x, Solaris 2.5, 2.5.1, 2.6, 7-9, is there a

In my opinion, mixing NIS and LDAP brings more problems than if your nodes used just one type of information service. I experienced older Solarises had problems when using LDAP authentication, they "liked" only NIS. In such a heterogenous environment, I found NIS a reliable service. Our systems running a BSD flavored OS don't seem to work well with LDAP, especially those without nsswitch.conf. (Note: I'm not so serious when writing this, I am strongly influenced with Solaris OE :)

You wrote about network of Sun boxes. Try docs.sun.com's System Administration Guide->Naming and Directory Services... I found almost all the information I needed to configure LDAP server/clients here. Received on Thu Jan 30 17:21:40 2003