LDAP is used to store NSS (Name Service Switch) information for the UNIX passwd and group databases. All information about network users, such as UNIX uid/gid, home directory, shell, and other group membership is handled through NSS.
Previously, the CSL used NIS to store network user information. However, when the decision was made to integrate CSL accounts and authentication with Windows Active Directory (previously, all CSL accounts were managed separately and required an application form to obtain), LDAP was chosen to replace NIS as the backend for the NSS database.
Integrated authentication using LDAP and Kerberos was initially deployed in lab 231 during the spring of 2006. Sun Directory Server 5.2 was used at the time, replicated from sol across what are now known as chuku and ekhi. During the following summer, LDAP was moved into a VMware virtual machine known as daystar in order to run LDAP on a faster system. However, for reasons not completely understood, the VM developed problems during the fall of 2006, which made NSS painfully slow on both rockhopper (at that time used for all of lab 231 and 16 LTSP nodes in the CSL) and the rest of the CSL workstations. To remedy the situation, /etc/passwd was rapidly deployed as a flat file across all affected systems. Hesiod was subsequently set up as the NSS database for the remainder of the school year and the beginning of the next.
Sun Java System Directory Server Enterprise Edition v6
Sun Java System Directory Server
- Sun's equivalent of slapd
- Fully integrates with nsswitch for all databases (currently only using passwd and group)
- Currently running in one-way replication on ldap1 (master) and ldap2.
Sun Java System Identity Synchronization for Windows
- Connects and synchronizes users from Active Directory to Sun LDAP server and maps specified attributes (currently only one-way from AD to Sun)
Identity Synchronization for Windows
| Description | Active Directory | Sun LDAP |
|---|---|---|
| Description (grad year for current students) | description | description |