Name Services - telling your LDAP from your DNS
Archive - Originally posted on "The Horse's Mouth" - 2006-04-16 17:10:14 - Graham Ellis

If you're just logging in to a single computer then it's sensible to have your user account and password defined on that computer - but what if you're a bit of a bigger organisation and you may need to have the same login at several places? Sun's NIS (Network Information Service) solved this issue many years ago for networks where a single central admin point was available - and it works well to this day, being included in Linux distributions where it does a sterling job.
But what if you've got a larger organisation where you want distributed admin, and where there may be a number of users with the same name in different departments? That's where you'll want to use LDAP - the Lightweight Directory Access Protocol. You arrange your data into a hierarchy, with appropriate servers and administrators at each level and - well - it can work a treat. LDAP is great for a wide range of information that you want to share around within your company; it will securely feed user account data, encoded passwords and much more. A truly broad service.
Users will also want to contact remote systems via their internet connection, and resolve host names down to IP addresses so that information can be routed correctly to external systems. This resolution is achieved using DNS (the domain name service) a.k.a. BIND. Again, the data is a hierarchy, but it's not secured, and traffic is cached and sent worldwide. DNS is very good for resolving host names and mail forwarders over a very wide area - but it's a narrow service, in practice limited to hosts and mailers.
It seems to be the season for LDAP and DNS ... I was configuring them on a Linux course last week, and I have something similar this coming week and in Oxford the week after next too.