Re: Anyone using OpenDirectory?
- From: Craig White <craigwhite azapple com>
- To: "Red Hat Enterprise Linux 4 (Nahant) Discussion List" <nahant-list redhat com>
- Subject: Re: Anyone using OpenDirectory?
- Date: Thu, 13 Apr 2006 17:16:45 -0700
On Fri, 2006-04-14 at 07:40 +0800, John Summerfied wrote:
> Doug Stewart wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Howdy all:
> > Is anyone using OpenDirectory as a stand-in for NIS in a RedHat/Solaris
> > environment? Apple's admin tools are very compelling, particularly for
> > our Mac clients and we'd love to leverage the OD setup to give our RH,
> > Solaris (and even Windows) clients an LDAP-based single sign-on. Are
> > there perils/gotchas that I should be on the lookout for? I'm about to
> > reboot my RHEL 4.3 desktop, having just enabled LDAP authentication, so
> > I'll see what happens here in the short run, but I'd love advice and
> > tips from anyone so inclined to give 'em.
>
> If you want to authenticate Windows clients, I suggest you look closely
> at Active Directory on Windows 2003 Server, and consult with someone who
> understands Group Policy.
>
> Using Group Policy, you can lock down the Windows desktops very tightly
> indeed.
>
> I've not yet tried authenticating Linux clients against AD, but I
> believe it's possible. I _have_ made some simple LDAP enquiries from
> Linux against AD.
>
> I asked previously (on this list, I think) about replacing Windows 2003
> Server with Linux, and the replies were not very encouraging. Windows
> has the advantage of having the correct schema to start with, and quite
> a nice GUI to manipulate the directory content.
>
> I have not looked into OpenDirectory yet, but maybe I should.
----
If the intent is to run group policy, then the natural thing would be to
use Windows AD, which supplies Microsoft's vision of LDAP and Kerberos.

If the intent is to have an LDAP master on UNIX/Linux, you might want to
check out FDS (Fedora Directory Server), which is capable of sync'ing
LDAP data with Windows AD. FDS also offers the benefit of their 'console'
application, which is very similar to the tools that you get with Open
Directory.

There are ways to get some group policies to work with an all Linux/UNIX
Samba/LDAP configuration, but not yet to the extent of what you can do
with group policy with Windows AD.

I got the impression that there are some features missing in
OpenDirectory, such as multi-master replication, password policy, and
replication with AD, that may make it less than optimal.

Craig