Hey people,
I have a server on my network which I admin and a few different computers access it. Basically I want to keep the passwd and group files updated on each machine without too much hassle. I thought about LDAP but do I really need to setup something like this and does it actually update the local files? So basically I need something which keeps the files up to date for the UID and GID and passwords... what should I use?
Do I need LDAP?
Message
- mattjgalloway
- l33t
- Posts: 761
- Joined: Tue Mar 16, 2004 10:07 am
- Location: Coventry, UK
- Contact:
Do I need LDAP?
AMD64 3200+, 1024MB RAM, Gentoo Linux
MacBook Core Duo, 1024MB RAM, Leopard
MacBook Core Duo, 1024MB RAM, Leopard
LDAP is a good, mature solution for your problem - but it may be a bit overkill for your environment - if you have a realtively protected LAN environment, there is nothing wrong with a NIS solution - (http://gentoo-wiki.com/HOWTO_Setup_NIS) - there are some security implications - but in a LAN setup they're basically shadowed by the physical access people already have. Another option is cfengine (http://sial.org/howto/cfengine/) which gives you literally what you asked for, although I would advise taking the NIS path over cfengine, for the same reasons as LDAP - it's a bit overkill.
Y'know, somewhere along the line, my brain got wired directly to my fingers .. I'm not even consulted anymore in the decision making processes.
-bemis
-bemis
- James Wells
- n00b
- Posts: 57
- Joined: Fri Sep 10, 2004 4:26 pm
Re: Do I need LDAP?
Greetings,
Further, based on your description, LDAP is not a good solution for you. LDAP is meant to provide a centralized directory service, in your case passwd / shadow / group service. what this means in your case though is that each client machine on the network, would query your LDAP server for it's password / shadow / group service, instead of using it's own local files.
Please note that I use LDAP both on my home network, but also my network at work. At home I manage 3 to 30 systems and at work between 40 - 200 systems. Additionally, I use cfengine to keep my /etc/passwd, /etc/shadow, and /etc/group files synchronized, with minimal user information, on all of my systems just in case the LDAP servers go down.
Right off the bat, you are describing the ideal environment for cfengine. Cfengine is the Configuration Engine, it is designed to keep the configuration of many machines on a network syncrhonized. From what you describe, you won't need anywhere near the full power of cfengine, and could actually get away with something as simple of rsync, though I suspect if you start using cfengine, you will find many more uses for it.mattjgalloway wrote:I have a server on my network which I admin and a few different computers access it. Basically I want to keep the passwd and group files updated on each machine without too much hassle.
Further, based on your description, LDAP is not a good solution for you. LDAP is meant to provide a centralized directory service, in your case passwd / shadow / group service. what this means in your case though is that each client machine on the network, would query your LDAP server for it's password / shadow / group service, instead of using it's own local files.
Please note that I use LDAP both on my home network, but also my network at work. At home I manage 3 to 30 systems and at work between 40 - 200 systems. Additionally, I use cfengine to keep my /etc/passwd, /etc/shadow, and /etc/group files synchronized, with minimal user information, on all of my systems just in case the LDAP servers go down.