Slashdot Mirror


User Account Management?

Jeremy Welling asks: "I work in a corporate data center with all the major Unices present. Currently we are using a third party product to manage user logins and authentication. In our goals for 2002, we want to move off that product, and the current plan is to go to NIS. Due to the inherent security holes in NIS, I am investigating using LDAP. We would also like to tie this into the NT domain logins. My question is, how difficult is this to do, what LDAP server software would be best, and what OS platform should we look at?"


  1. eDirectory is the way to go by AndyDeck · Score: 5, Informative

    I think Novell's eDirectory is a possible solution. You can run eDirectory on NetWare® 5.x or above, Windows 2000, Windows NT, Solaris, Linux, or Tru64. There are other Novell products (NDS-AS, DirXML, Zen for Desktops, Novell Account Management, SecureLogin) that extend eDirectory's reach even further.

    There is a PAM module available for Linux that lets you log in using NDS (eDirectory) credentials. Other *nix clients should be handled the same. For an NT client you would either need to use Zen for Desktop's Dynamic Local User or you would need to use Novell Account Management. Account Management on NT will redirect the domain into NDS. On 2000, it will synchronize with Active Directory.

    The other products I mentioned can take you in other directions. DirXML is a meta-directory synchronization tool. Available conduits include Active Directory, Exchange, LDAP, GroupWise, Lotus Notes, NT Domain, JDBC, PeopleSoft, SAP HR, and Delimited Text.

    NDS Authentication Services (NDS-AS) extends NDS (eDirectory) authentication redirection to other platforms, including AIX, FreeBSD, HP-UX, Linux, OS/390, Solaris, and Windows. Note that some of NDS-AS duplicates functionality found in eDirectory or Account Management.

    SecureLogin is a single sign-on technology, which may be another way to solve your problem.

    To give you a bottom-line answer, even if you want to ignore alternate solutions and go with a straight LDAP directory, use eDirectory. It doesn't matter which platform you run it from; Novell has demonstrated billion-user trees on several host OSes.

    --

    The Crystal Wind is the Storm, and the Storm is Data, and the Data is Life