[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: users on db ?
----- Original Message -----
From: "Ilya Konstantinov" <linux-il@future.galanet.net>
To: "Gavrie Philipson" <gavrie@netmor.com>
Cc: "Ben-Nes Michael" <miki@canaan.co.il>; "Tal Amir" <tal@whatsup.co.il>;
"ILUG" <linux-il@linux.org.il>
Sent: Sunday, January 07, 2001 5:24 PM
Subject: Re: users on db ?
> On Sun, Jan 07, 2001 at 05:05:57PM +0200, Gavrie Philipson wrote:
> > IMHO, The correct solution to such a problem is using a "directory
service".
> > In the past, that usually meant NIS or similar, but nowadays this can be
> > LDAP.
>
> LDAP NSS modules seem to be a really nice solution, also for
> distribution of other tables (hosts etc.). - but I haven't yet
> found a good description of what LDAP does for me, despite the hype.
>
> All I've read by now is some mixup of terms and ideas of a world-wide
> information repository. Comparing to the flat table structure
> of an SQL server, this really looks non-trivial ...
Actually, it's quite simple. Certainly not more complicated than SQL.
What LDAP gives you and an SQL db doesn't is a hierarchical model (such as
by units in an organization). It also gives you a standard model of defining
users, groups and whatever not.
Incidentally, LDAP data could be stored in an SQL database -- LDAP is just
the way you access it.
The "world-wide" repository idea, while it was nice, is usually ignored, and
every organization sets up its own internal tree based on its organizational
name (o=mycompany, c=US) or DNS name (such as dc=mycompany, dc=com). Inside
the company, you're free to create whatever tree you like.
As to the user/group etc. objects themselves, see RFC 2307 ("An Approach for
Using LDAP as a Network Information Service") for details.
To get it working, all you need is a working LDAP server (such as OpenLDAP)
and a correctly configured nss_ldap (included in most recent Linux distros,
or see www.padl.com).
Gavrie.
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il