[SATLUG] Whatever happened to the Novell LDAP Application?

Brad Knowles brad at shub-internet.org
Thu Jul 31 14:19:18 CDT 2008


Frank Huddleston wrote:

>   Back in 1999-2000, I remember a Novell rep came to my place of work 
> and demonstrated a Novell LDAP Directory Server application that 
> offered single sign-on, etc. for "everything", including Windows (which 
> was NT 4.0 at the time). It was kind of like Active Directory before AD, 
> and didn't just work with Windows.

Novell GDS -- Global Directory Server.  By all accounts, it actually works 
well and scales better than most other LDAP servers, or servers with an LDAP 
interface, including the Microsoft AD stuff.  It's also supposed to be more 
compatible with other LDAP clients than Microsoft AD.

But it is commercial software, and pretty expensive at that.

>  And, more specifically relevant to this LUG, does anyone use something 
> like this (I guess by that I mean some kind of directory) in their 
> configuration? Does OpenLDAP do this kind of thing, if properly configured?

OpenLDAP can do just about anything you want it to, if you use the right 
schema and you configure it correctly.  The latest versions of OpenLDAP will 
outperform any other LDAP or LDAP-like product from any other vendor, 
including Novell GDS.

>  And more broadly: what do you all use to enable interoperability 
> between your machines? NIS maybe?

NIS can't fall through to LDAP, and vice-versa.  You would use one or the other.

But PAM (Pluggable Authentication Modules) can be configured to use both.


We don't use it directly here at UT for our Unix and Linux servers, because 
if the LDAP server goes away then so do all of the accounts on it, and we're 
all admins.

We do have a little Perl script that was developed to dump all the 
appropriate information out of LDAP and put that into the local /etc/passwd 
files, called "ldap2auth".  It's pretty simple, and you should be able to 
fairly easily re-create it.  Most of the magic that we have in our version 
of the script is a result of legacy things that are local to our systems 
here and you shouldn't have the same problems.


Of course, another potential alternative is to run a slave LDAP server on 
each machine, and have them all use themselves for authentication data, as 
well as being able to fall back on the network.  Then the only problem is 
that you need a few local accounts to work during the process of 
bootstrapping the local LDAP server, in case the local LDAP server gets 
wedged, or whatever.

-- 
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
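The "ldap2auth" idea above (dump the directory into local /etc/passwd so logins survive the LDAP server going away) is simple enough to sketch. The script below is an added example written for this archive page; it is not Brad's ldap2auth, the SATLUG project's code, or anything from Novell or OpenLDAP. It assumes you feed it an LDIF export (what `ldapsearch -LLL` prints), that the sample entries SAMPLE_LDIF and the sample LOCAL_PASSWD are constructed here for illustration, and that MIN_UID, NAME_RE and the function names are this example's own choices. Two practitioner points the mail only hints at are built in: local accounts always win over directory entries with the same name or UID, and an entry from the directory cannot inject colons or newlines into passwd, so a compromised or mis-edited directory cannot add a second root line to every host.

```python
"""ldap2auth-style dump: turn posixAccount entries from an LDIF export into
/etc/passwd lines, keeping every local account authoritative so that a dead
or compromised directory can neither remove nor override local logins.
Added example, not the original poster's script."""
import base64
import os
import re
import tempfile

MIN_UID = 1000                      # assumption: never import system-range UIDs
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")   # assumption: portable login names

# Constructed sample export (what `ldapsearch -LLL` prints); not real data.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: alice
uidNumber: 10001
gidNumber: 10001
gecos:: QWxpY2UgTMOzcGV6
homeDirectory: /home/alice
loginShell: /bin/bash

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: bob
uidNumber: 10002
gidNumber: 100
homeDirectory: /home/bob
loginShell: /bin/zsh

dn: uid=root,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: root
uidNumber: 0
gidNumber: 0
homeDirectory: /root
loginShell: /bin/sh

dn: cn=printers,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: printers
gidNumber: 200
"""

# Constructed local /etc/passwd; every line here must survive the merge unchanged.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
admin:x:1000:1000:Local Admin:/home/admin:/bin/bash
"""


def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values]} dicts.

    Unfolds continuation lines (leading space) and decodes base64 values ("::").
    """
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:          # trailing sentinel flushes the last entry
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr.strip(), []).append(value)
    return entries


def entry_to_passwd(entry):
    """Return a passwd line for one posixAccount entry, or None if it is unusable.

    The password field is "x": hashes stay out of world-readable /etc/passwd and
    authenticating the user remains PAM's job (an assumption of this example).
    """
    if "posixAccount" not in entry.get("objectClass", []):
        return None
    try:
        name = entry["uid"][0]
        uid, gid = int(entry["uidNumber"][0]), int(entry["gidNumber"][0])
        home = entry["homeDirectory"][0]
    except (KeyError, IndexError, ValueError):
        return None
    gecos = entry.get("gecos", entry.get("cn", [name]))[0]
    shell = entry.get("loginShell", ["/bin/sh"])[0]
    # A directory entry must not be able to smuggle extra fields or lines into passwd.
    if uid < MIN_UID or not NAME_RE.fullmatch(name):
        return None
    if any(":" in field or "\n" in field for field in (gecos, home, shell)):
        return None
    return f"{name}:x:{uid}:{gid}:{gecos}:{home}:{shell}"


def merge_passwd(local_text, entries):
    """Keep every local line, then append directory users that collide with
    no local name or UID. Returns the new file contents as a string."""
    lines = [line for line in local_text.splitlines() if line]
    names = {line.split(":")[0] for line in lines}
    uids = {int(line.split(":")[2]) for line in lines}
    for line in sorted(filter(None, map(entry_to_passwd, entries))):
        fields = line.split(":")
        if fields[0] in names or int(fields[2]) in uids:
            continue                      # the local account always wins
        lines.append(line)
        names.add(fields[0])
        uids.add(int(fields[2]))
    return "\n".join(lines) + "\n"


def install_passwd(text, path="/etc/passwd"):
    """Replace `path` atomically: temp file in the same directory, fsync, rename,
    so a crash mid-write never leaves a truncated passwd behind."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".passwd.")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


if __name__ == "__main__":
    print(merge_passwd(LOCAL_PASSWD, parse_ldif(SAMPLE_LDIF)), end="")
```

Run as a cron job, the real input would be `ldapsearch -LLL -b ou=People,dc=example,dc=org '(objectClass=posixAccount)'` piped into parse_ldif, and the output handed to install_passwd. The sample run keeps the three local lines, adds alice and bob, drops the directory's own root entry (UID below MIN_UID and a local-name collision) and ignores the group entry. If you go the other route from the mail, a replica on every box, the same "local wins" rule still matters for the handful of bootstrap accounts: keep them in /etc/passwd, not in the directory, so they are usable while the local server is wedged.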

