[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password control with YP(NIS)



On Tue, 11 May 1999, Juan Carlos Gomez wrote:

> Prasad HS wrote:
> > How to synchronise NIS and Novel passwords with a single LDAP repository?
> 
> I have just finished adding the schema that you need to store NIS
> information (under ldap/schema/nis*) to our development version of
> openldap, however, you need more than that...

Is this using the RFC 2307 schema?

Our project is merging our NDS (Novell) accounts/passwords with our Unix
(Solaris) accounts/passwords using LDAP.  The proof-of-concept was built using
OpenLDAP (for the Solaris box using remote authentication/lookups) but the
system will go live using Novell's NLDAP.NLM (NDSv8) on NetWare 5.

In addition to putting objects into an LDAP directory (such as OpenLDAP), you
need some way of authenticating against it (such as PAM libraries on Solaris
or Linux) and also a lookup mechanism if you don't want to maintain all those
users in /etc/passwd or /etc/shadow (such as NSS - again in Solaris and glibc
on Linux).

> basically if you want your clients to continue to use NIS you need a
> gateway that will turn NIS queries into LDAP ones.

Alternatively, if the "clients" are machines (as opposed to applications) then
configure PAM/NSS on those machines to use LDAP directly instead of NIS.  :-)

Cheers..


dave