Hello all,

I've got a number of Linux/Mac OS X/UNIX/Windows machines I would like to authenticate in a consistent way. Currently some of them use NIS, though, and some have outdated OS's.

LDAP is clearly a good way moving forward, however the question is: if I want to have NIS and LDAP with the same user info, is that possible? Is it possible to keep them in sync via some sort of an established procedure? Has that been done? How?

Any help would be much appreciated.

Thanks.

Boris.

I suggest that you should standardize on one or the other, and not attempt to keep them in sync.

Obviously, if you do find it necessary to use both, you need to designate one of these two as being "the (one and only...) authority." You will need to find an appropriate mechanism by which updates to one are immediately slaved to the other, such that only one of the two must be maintained. Obviously, there are compelling advantages in not having to do that.

LDAP (nee Open Directory) is a very widely accepted standard, and I would suggest going to the necessary effort to getting all of the computers in your shop to conform to it. Even "older" OSes should offer LDAP support. You might have to reconfigure some things, but this should be very manageable without "throwing the baby out with the bathwater."

I suggest that you should step back, look at all of your systems' present state, and determine exactly what would need to be done to each one to bring it up to standard. (You'll also need to reconcile the various "authorities" to be certain that they do, in fact, convey "one, and only one 'truth.'") Then, look for ways to deploy the necessary configuration changes to as many systems as possible "automagically," i.e. (to quote a really dreadful country song...) "this ain't no thinkin' thang." Carefully develop a conversion project-plan, troubleshoot it before beginning, then execute it.