Syncing 3 Freebsd servers' accounts Question

Dick Davies rasputnik at
Thu Jan 27 13:01:59 PST 2005

* Erik Norgaard <norgaard at> [0129 20:29]:
> I forgot:
> O'Reilly has a really good book on LDAP "LDAP System Administration" - 
> includes a chapter on how to migrate from NIS to LDAP.

IMO that's one of the few bad O'Reilly books - if you want a really good
LDAP tutorial, get

"Understanding and Deploying LDAP Directory Services"

The O'Reilly book is more of a cookbook, but doesn't really explain what's
going on.

> And an honest advantage of NIS: Text files only, and LDAP with pam/nss 
> is not supported on OpenBSD if you some day need to integrate with that OS.

Yeah, but NIS is horribly insecure. I doubt Theo would embrace it with open arms :)
NetBSD is almost finished integrating pluggable nsswitch modules, I doubt OpenBSD
will be far behind. No offence to the OpenBSD crew but if you waited for them to support
something before using it on FreeBSD you wouldn't be running much...

The flat file thing is a double-edged sword; it's trivial to dump and restore
a directory (at least OpenLDAP), and doesn't have the 'issues' I've had with, say,
SQL databases, where either you get too much (accidentally try to restore the system
tables) or too little (forget the users).

And an LDAP directory is useful for much more than just distributed password files,
and is straightforward to replicate (don't know how you'd do that with NIS) and fast too.

> Also, LDAP requires you to obtain Object Identifiers if you define new
> types, I haven't heard of OID that can be used for private/experimental
> purposes only (like the private IP address spaces).

There's no need to get an OID registered (unlike IP addresses; it's not like
it's routed) but it's free and they'll happily give you one if you ask.

'What have you done to the cat? It looks half-dead.'
		-- Schroedinger's wife
Rasputin :: Jack of All Trades - Master of Nuns
