Centralizing Vital Information

Over the years, many attempts have been made to centralize the management of important configuration files on Linux and Unix systems. The first serious attempt was Sun's Network Information System (NIS), formerly known as Yellow Pages. In an NIS environment, the NIS server generates maps from configuration files such as /etc/passwd and stores them on one or more servers. The NIS master is used both for managing and for reading that information; for read-only access, NIS slaves can be used as well. A long time ago this model was rather popular in Unix environments; nowadays, however, it is not used often, partly because NIS offers no transport encryption and only very weak control over which hosts may query its maps.

The modern replacement for NIS infrastructures is the Directory service. A Directory service allows any kind of data to be stored centrally in a hierarchical manner, and that hierarchy is what makes a Directory service efficient when dealing with huge amounts of data. All major operating system vendors have their own Directory service: Microsoft has Active Directory, and Novell has eDirectory. On Linux, OpenLDAP is an example of such a Directory service, and on SUSE Linux Enterprise Server it is the default Directory service. If you need a more robust Directory service that has multiplatform support and is scalable to millions of objects, Novell's commercial Directory service eDirectory is a better solution.

Note To distinguish between a directory as a storage unit in the file system (like the directory /etc) and a Directory that is used as a centralized database to organize information in a network environment, I will use directory with a lowercase d when referring to the storage unit in the file system and Directory with a capital D to refer to the centralized database.

In addition to offering a centralized and hierarchical solution for managing important information in the network, a Directory service such as OpenLDAP can be replicated according to the multimaster model. In this model, there is no clear distinction between a master copy of the database that can be written to and slave copies that cannot be written to: changes can be written on any server in the network, to any copy of the database, and are then propagated to the other copies. This is an important difference from, for example, NIS, where no modifications can be made while the NIS master is down. OpenLDAP offers this through its syncrepl replication engine, which supports both a classic provider/consumer (single-master) setup and N-way multimaster replication. Note that in a multimaster setup every server accepts writes, so each replica needs the same access control and the same protection of its replication credentials; when two servers receive conflicting changes to the same entry, OpenLDAP resolves the conflict by the entry's change sequence number, so the most recent write wins.
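As an added illustration of that multimaster model (this is not a configuration from the original page or from the OpenLDAP project, and the hostnames ldap1.example.com and ldap2.example.com, the suffix dc=example,dc=com, the replication account cn=replicator,dc=example,dc=com and the password are assumptions), the following slapd.conf fragment sets up two OpenLDAP servers that replicate to each other with syncrepl. Each server carries the same database section; only the global `serverID` differs between the two machines. Because every node accepts writes, the replication bind is forced over TLS and the replication account is only granted the access it needs.

```conf
# Global section: unique per server (use serverID 2 on ldap2.example.com)
serverID 1

# Load the syncprov overlay module so this server can act as a provider
moduleload syncprov.la

database    mdb
suffix      "dc=example,dc=com"
rootdn      "cn=admin,dc=example,dc=com"
directory   /var/lib/ldap

# syncrepl compares these attributes constantly; index them
index       objectClass eq
index       entryCSN    eq
index       entryUUID   eq

# The replication account may read everything but must not be able
# to change passwords or write entries via this ACL; writes come from
# users or admins on whichever node they bind to.
access to attrs=userPassword
    by dn.exact="cn=replicator,dc=example,dc=com" read
    by self write
    by anonymous auth
    by * none
access to *
    by dn.exact="cn=replicator,dc=example,dc=com" read
    by self write
    by * read

# Pull changes from the other node (on ldap2, point this at ldap1).
# starttls=critical aborts replication if TLS cannot be negotiated,
# and tls_reqcert=demand rejects peers with an untrusted certificate.
syncrepl rid=001
    provider=ldap://ldap2.example.com
    bindmethod=simple
    binddn="cn=replicator,dc=example,dc=com"
    credentials=assumed-replication-password
    searchbase="dc=example,dc=com"
    type=refreshAndPersist
    retry="5 5 300 +"
    timeout=1
    starttls=critical
    tls_reqcert=demand
    tls_cacert=/etc/openldap/certs/ca.pem

# Accept writes locally even though we are also a consumer
mirrormode on

# Act as a provider for the other node
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
```

Two practical caveats for this layout: the credentials line puts the replication password in the configuration file, so slapd.conf must be readable by the slapd user only; and because the same ACLs apply on both nodes, a mistake in the ACL is replicated in effect as well, since an attacker who can write on one node sees that write propagated to the other.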

The name OpenLDAP comes from the Lightweight Directory Access Protocol (LDAP), a standard that was developed as a lightweight way, over TCP/IP, to access a Directory based on the X.500 Directory service. X.500 was originally developed as a Directory for telephony services. Many Directories are based on that standard; for example, Active Directory and eDirectory are both LDAP compatible. In the Linux environment, OpenLDAP is more than just a protocol to get data out of a Directory. It is a Directory service in itself that delivers more or less the same services as other Directory services such as eDirectory and Active Directory.
