Slashdot Mirror
Where are the 'Modern' Directory Services?
MarcQuadra asks: "I've been a Linux user since 1998, and I admin Mac OS X machines at work, but I have yet to find a distribution that comes out-of-the-box with modern directory services. Sure, there are guides to kerberize and set up OpenLDAP, but before I can start pushing Linux as an alternative at work I'll need a few things. Are there any distributions out there that can auto-mount SMB shares as home directories without heavy modification? How about a distro that's based on OpenLDAP and can easily be configured with LDAP-enabled SAMBA and Kerberos? Am I missing something, or is this not a priority with the community at-large?"
Solaris automounts my home directory just fine. Just point the machine to the NIS domain and it works
LDAP/Samba/Kerbros on Suse works real well out of the box in the latest Suse Server offerings. I don't play with many distros so I can't recommend it against others.
But for professional use on networks of any real size, I really try to push my customers to NDS. Say what you want about Novell, but I have yet to find a beter DS that Novell's.
So why not use it? It's a full featured directory service based on OpenLDAP with Kerberized AFP and SMB built in, so why use a Linux server and "roll your own" with everything, and do all the extra work?
I have to be missing something here.
As part of a school project, our team configured a drop in Linux based replacement for ADS and email on the then current SuSE 9.0. Once set up, you can even use the Windows NT Domain tools to administer it. The Linux machine even played the role of domain controller.
Worked really slick. Single sign-on for all machines, Linux and Windows.
I have the Word doc write up of how we did it around here someplace. I'd be willing to share if you are interested.
As others have mentioned, and I'll confirm, that there is an automounter that comes with the distro that can mount smb file shares on windows machines in the network. I've got this working at home right now.
One of the things that has always annoyed me is how bad the administration tools for LDAP are. My preferred method for quite a while was to keep an LDIF laying around that I would edit and import with slapadd. Not a beautiful solution.
:-)
I have since created an LDAP admin tool that doesn't have a strange obsession with DN's, doesn't make you specify UIDNumbers, and generally tries not to suck.
It is also (to my knowledge) the only LDAP admin tool that will manage your Kerberos principals alongside your LDAP users (if you're into that sort of thing). Anyhow, enough of my blathering, check it out: (http://edsadmin.sf.net).
The next step of my Grand Vision is EDSRealmAssistant, which currently auto-configures samba+ldap, and will in the future do the whole LDAP+SAMBA+KRB5+DNS+DHCP shebang that everyone wants but is too lazy to set up
-Mark
i'm guessing the difference is that setting up AD server and AD-based single-sign-on doesn't make you want to gouge out your eyes with a shrimp fork (compared to linux at least).
i say i'm guessing because i'm 100% linux at home and work, and i'll never lay a hand on a windows box if i can avoid it; but the theme of this Ask /. is dead-on.
Linux needs *easy*, *default*, *out of the box* ldap-based authentication. i should be able to install a distro, select "ldap auth", and then have everything automagically authenticate against it - shell, apache, samba, IMAP, etc etc etc. same on workstations - select "ldap auth", specify the ldap server, and you're done.
i don't know any distros that offer this ease of use - correct me if i'm wrong. (i run debian sarge and sid).
pr0n - keeping monitor glass spotless since 1981.
Windows and Active Directory are a proprietary ripoff of LDAP and kerberos with some gui tools
Well I guess if you never used it, you would probably think this.
AD goes so far beyond a type of LDAP or authenication system it would be like saying Linux is nothing more than a rip off of 1969 *nix and doesn't do anymore.
(And no I don't believe that about Linux.)
Geesh...