Anyone using LDAP for UID & GID services?
Ninerfan
I've been reading all the past posts I can find about using LDAP to not only authenticate login to TeamSite but also to replace NIS. I was wondering if anyone is actually doing this and if so is it working ok? This is Solaris 8 and TS 5.5.2 SP2. Is this a real risky way to manage the UID, GID info or is it pretty safe and stable?
Thanks.
PS. How can I tell if my machines are using IPv4??
Comments
tvaughan
The Niners Suck.
That said, yeah, I've been fighting with using LDAP as the only source of uids and gids for TeamSite users. I'm running Solaris 8, TS 5.5.2 (no SP2 -- I'm scared of it).
Last year, the LDAP team (using Novell's NDS implementation of LDAP) tried to set up users for use by TeamSite. At the time, I was running TS 5.0.1, on Solaris 7.
We had a slew of performance problems, the Solaris "su" binary broke, and things were generally pretty miserable. I upgraded to Solaris 8, TS 5.5.2, and we tried again.
One thing I should note is that within our LDAP username field, the "average" user has a name like "f123456". I wanted TeamSite names to be like "tvaughan", so I had the LDAP guys overload the username field so that if you looked at an LDAP entry for a TeamSite user, you'd see "tvaughan, f123456".
Anyway, we tried setting up TeamSite to use pam, then ldap. We tried setting up Solaris to use various implementations of pam ldap (with and without SSL, with and without NIS in the picture).
The best advice I can give you is: make sure your caching and O.S. level performance is as fast as you can possibly get it before trying to configure TeamSite. In other words, set up Solaris to talk to LDAP, and make sure that you can run "ls -l" in some big directory with a bunch of different owners for all the files and not have significant delays in getting the "ls -l" command to return. While not necessarily a precursor to TeamSite doom, I've found no better indicator of problems-to-come than having those kinds of Solaris commands hang.
So, try "ls -l", try "ps -ef", etc. . . anything that needs to display a lot of uid/gid info. If it is slow on the OS level (e.g. telnet), don't even bother trying to get TeamSite to work.
Tom
Brewy
We are using native LDAP integration on our TeamSite (SP2b) Solaris server. So far no problems at all. Just make sure you never replicate UIDs, GIDs or usernames in the /etc/passwd file. This causes the LDAP server to get hammered by the TeamSite server.
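
A check for the overlap Brewy warns about, as an added example that is not from the thread or from TeamSite: it compares a local passwd file with a passwd-format export of the LDAP accounts and reports every username or UID that appears in both. The function name, the export file and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# passwd_collisions LOCAL_FILE DIRECTORY_FILE
# Both files use passwd(4) layout: name:pw:uid:gid:gecos:home:shell
# Prints one line per collision; returns 1 if any were found, else 0.
passwd_collisions() {
    local_file=$1
    dir_file=$2
    awk -F: '
        # Skip blank or short lines, comments and NIS compat (+/-) entries.
        NF < 3 || /^#/ || /^[+-]/ { next }
        # First argument is the directory export: index it by name and UID.
        FILENAME == ARGV[1] { dir_name[$1] = $3; dir_uid[$3] = $1; next }
        # Remaining lines are local entries: same name in both sources.
        ($1 in dir_name) {
            printf "NAME %s local_uid=%s directory_uid=%s\n", $1, $3, dir_name[$1]
            found = 1
        }
        # Same UID held by a different name in each source.
        ($3 in dir_uid) && dir_uid[$3] != $1 {
            printf "UID %s local_name=%s directory_name=%s\n", $3, $1, dir_uid[$3]
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$dir_file" "$local_file"
}

# Constructed sample data (not from the thread) so the block runs offline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/local" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
tvaughan:x:5001:100::/home/tvaughan:/bin/sh
webadm:x:5002:100::/home/webadm:/bin/sh
EOF
cat > "$demo_dir/directory" <<'EOF'
tvaughan:x:5001:100::/home/tvaughan:/bin/sh
editor1:x:5002:100::/home/editor1:/bin/sh
EOF
passwd_collisions "$demo_dir/local" "$demo_dir/directory" || echo "collisions found"
rm -rf "$demo_dir"
```

The same function works on /etc/group and a group export, since group(4) also keeps the name in field 1 and the GID in field 3.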