
Multiple locations and NIS extensions



I have been "playing" with OpenLDAP for a while and have it implemented
for an email lookup source.  I now want to plan a new implementation
using iPlanet 4.11 and Sun's NIS Extensions.

I have some questions on how to handle unix logins, replication, etc.
Although this may sound iPlanet/Sun specific, I would imagine that similar
problems would arise if I did it with other LDAP solutions.  I am only
using the NIS extensions for its legacy support (heck, I just turned off
our last non-NIS system on Dec 31st and only because it would not run
on Jan 1st).

We have three locations:  Mt. Laurel (NJ), Dallas (TX) and Sophia-Antipolis
France.  I would like to have one unified scheme for the data, with
replication of the LDAP data, but right now we have the problem that
Dallas has different Unix login-name-to-uid mappings from the rest of
us.  So, how should one handle this?  I would like people to have one
password for all systems in all locations, but the uid must be different.
Also, the home directory value could be different as well as the whole
auto.home map.  (We don't share NFS between offices -- way too slow!)

If I create different subtrees:

        dc=ulticom, dc=com
        |
        +- l=mt. laurel, ...
        |  |
        |  +- ou=people, ...
        |  |  |
        |  |  +- uid=gaa, ou=people, l=mt. laurel, dc=ulticom, dc=com
        |  |
        |  +- ou=services, ...
        |  |  |
        |  |  ...
        |  ...
        |
        +- l=dallas, ...
        |  |
        |  +- ou=people, ...
        |  |  |
        |  |  +- uid=gaa, ou=people, l=dallas, dc=ulticom, dc=com
        |  |
        |  +- ou=services, ...
        |  |  |
        |  |  ...
        |  ...
        +- l=sophia, ...
        |  |
        |  +- ou=people, ...
        |  |  |
        |  |  +- uid=gaa, ou=people, l=sophia, dc=ulticom, dc=com
        |  |
        |  +- ou=services, ...
        |  |  |
        |  |  ...
        |  ...
        ...

How do I keep the passwords in sync?  (Note my login in three places).
How do I deal with replication?
Would I make each location be master of its own space?
Or should the corporation headquarters (Mt. Laurel) be the master?
If I flatten the tree, how do I have different uids (unix uids, not LDAP
uids) in different locations?

Or am I way off track?
Should I let each location "do their own thing"?

-- 
Gary Algier, WB2FWZ       gary.algier@ulticom.com           +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054      Fax:+1 856 866 2033

            This space intentionally left blank by the censors.
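The two questions above, "how do I keep the passwords in sync" and "how do I have different uids in different locations", both come down to checking the directory for a specific kind of inconsistency once the per-location subtrees exist. The script below is an added example, not part of the post or of any iPlanet/OpenLDAP tooling: it parses a small LDIF export, groups entries by the `l=` component of their DN, and reports (a) logins whose `userPassword` value differs between locations and (b) `uidNumber` values used by more than one login inside the same location. The LDIF, the location names and the `{SSHA}` hash strings are constructed sample data that mirror the tree sketched in the post; the DN layout `uid=...,ou=people,l=<location>,dc=ulticom,dc=com` is assumed from that sketch.

```python
"""Audit an LDIF export of a multi-location directory for password drift
between per-location copies of the same login and for uidNumber
collisions within one location.

Sample data below is constructed for this example; hashes are placeholders.
"""
from collections import defaultdict

# Constructed LDIF: the same login "gaa" in three locations, plus a second
# Dallas account that accidentally reuses gaa's Dallas uidNumber.
SAMPLE_LDIF = """\
dn: uid=gaa,ou=people,l=mt. laurel,dc=ulticom,dc=com
objectClass: posixAccount
uid: gaa
uidNumber: 1001
homeDirectory: /home/gaa
userPassword: {SSHA}constructed-hash-A

dn: uid=gaa,ou=people,l=dallas,dc=ulticom,dc=com
objectClass: posixAccount
uid: gaa
uidNumber: 2001
homeDirectory: /export/home/gaa
userPassword: {SSHA}constructed-hash-A

dn: uid=gaa,ou=people,l=sophia,dc=ulticom,dc=com
objectClass: posixAccount
uid: gaa
uidNumber: 1001
homeDirectory: /home/gaa
userPassword: {SSHA}constructed-hash-B

dn: uid=jdoe,ou=people,l=dallas,dc=ulticom,dc=com
objectClass: posixAccount
uid: jdoe
uidNumber: 2001
homeDirectory: /export/home/jdoe
userPassword: {SSHA}constructed-hash-C
"""


def parse_ldif(text):
    """Return a list of entries, each a dict of lowercase attribute name ->
    list of values.  Folded continuation lines (leading space) are joined;
    '::' base64 values are kept encoded because we only compare them."""
    entries = []
    for block in text.strip().split("\n\n"):
        logical = []
        for line in block.splitlines():
            if line.startswith(" ") and logical:
                logical[-1] += line[1:]
            elif line and not line.startswith("#"):
                logical.append(line)
        entry = defaultdict(list)
        for line in logical:
            name, _, value = line.partition(":")
            entry[name.strip().lower()].append(value.strip().lstrip(":").strip())
        if "dn" in entry:
            entries.append(dict(entry))
    return entries


def location_of(dn):
    """Extract the value of the l= RDN from a DN (assumed tree layout)."""
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().lower() == "l":
            return value.strip()
    return None


def find_password_drift(entries):
    """Map uid -> {location: userPassword} for logins whose password
    value is not identical in every location where the login exists."""
    by_uid = defaultdict(dict)
    for e in entries:
        if "uid" in e and "userpassword" in e:
            by_uid[e["uid"][0]][location_of(e["dn"][0])] = e["userpassword"][0]
    return {uid: locs for uid, locs in by_uid.items()
            if len(set(locs.values())) > 1}


def find_uidnumber_collisions(entries):
    """Map (location, uidNumber) -> [uids] where one numeric uid is shared
    by several logins in the same location.  Reuse of a number across
    different locations is deliberately not flagged."""
    seen = defaultdict(list)
    for e in entries:
        if "uidnumber" in e:
            seen[(location_of(e["dn"][0]), e["uidnumber"][0])].append(e["uid"][0])
    return {key: uids for key, uids in seen.items() if len(uids) > 1}


if __name__ == "__main__":
    ents = parse_ldif(SAMPLE_LDIF)
    for uid, locs in find_password_drift(ents).items():
        print(f"password drift for {uid}: {locs}")
    for (loc, num), uids in find_uidnumber_collisions(ents).items():
        print(f"uidNumber {num} reused in {loc} by {uids}")
```

Run against a real `ldapsearch -LLL` export the same script would flag the Sophia copy of `gaa` as out of sync and the Dallas `uidNumber` reuse, which are exactly the two conditions that a per-location master arrangement needs to keep from happening silently.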