[ILUG] ldap vs. nis...
paulj at alphyra.ie
Wed Jul 11 17:45:35 IST 2001
On Wed, 11 Jul 2001, kevin lyda wrote:

> with less than a dozen boxes is it worth it to use ldap?

no. with one caveat: ldap can be secure, nis can not be.

> what else will ldap give me?

nothing, except security and the ability to use a fancy GUI like
directory_administrator or gq.

and LDAP is a wee bit slower too, but not noticeable once you make
sure you have indexes for commonly queried attributes. however,
nss_ldap is, and forever will be, slow for apps that use get*ent().
Eg, don't ever use nss_ldap on a box that runs sendmail and processes
any kind of amount of mail.

> in the future i'll probably integrate these boxes with a network
> that does use ldap, but it will be a different ldap domain
> (correct terminology? - i mean this like a domain in nis terms).

you don't really have domains, you have a tree. it's like DNS.
different levels of the tree may or may not be under different
nice thing is that you can configure your machine to search for
accounts in multiple parts of the tree.
however, i think you'd need referrals to work properly for this, and
at the moment AFAICT in openldap they don't. or at least they don't
work invisibly like in DNS, and the openldap guys say that is within
spec and the app should know natively how to follow referrals, so
there's no need for the openldap library to do it.