[Rocks-Discuss] NIS or LDAP

208 views
Skip to first unread message

mike vandewege

unread,
Feb 2, 2012, 5:38:58 PM2/2/12
to Discussion of Rocks Clusters
Hello,

Been talking to a a couple Linux gurus about adding and sharing user
information across nodes using either a NIS(yp) server or LDAP. It seems
like NIS already came w/the Rocks package, but I hear LDAP was current and
still maintained, wondering if there is a significant advantage to learning
and using LDAP or just sticking with NIS.

Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20120202/5e4002aa/attachment.html

Albert Everett

unread,
Feb 2, 2012, 6:07:51 PM2/2/12
to Discussion of Rocks Clusters
Some have mentioned ldap/kerberos in the past.

-------------------------------------
Albert Everett
Graduate Institute of Technology
University of Arkansas at Little Rock
2801 South University Ave, ETAS 329
Little Rock, AR 72204
e: aeev...@ualr.edu
o: 501-569-8346
f: 501-569-8039

"Hung-Sheng Tsao (Lao Tsao 老曹) Ph.D."

unread,
Feb 3, 2012, 9:30:59 AM2/3/12
to Discussion of Rocks Clusters
hi
one way just import NIS user data uid/passwd into 411
of course you need a way to automatic this process, may be once a day.

or LDAP with NIS compatibility mode

If you already has company wide LDAP setup then it may be worth the
effort to integrate LDAP to rocks
just make sure your DRM e.g. torque or sge or condor work in the new
LDAP environment
since DRM only work with private net, some how the private net will need
to have access the uid info (may be passwd)
The FE can access LDAP server easily

regards

--
Hung-Sheng Tsao Ph D.
Founder& Principal
HopBit GridComputing LLC
cell: 9734950840

http://laotsao.blogspot.com/
http://laotsao.wordpress.com/
http://blogs.oracle.com/hstsao/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: laotsao.vcf
Type: text/x-vcard
Size: 608 bytes
Desc: not available
Url : https://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20120203/b25ce55d/laotsao.vcf

Adam Bohlander

unread,
Feb 3, 2012, 10:05:14 AM2/3/12
to Discussion of Rocks Clusters
So I ran into a similar issue while setting up a new cluster. I'll skip
the part about configuring the head node to allow logins via LDAP (Active
Directory in my case), because that really depends on quite a few things
specific to your site. Obviously the internal cluster authentication all
depends on ssh keys, but there is still the issue of identity. Here is how
I handled the internal cluster identical synchronization.

On the head node I have this script running as a cron job to generate all
of the users and groups from LDAP.

#!/bin/bash
getent passwd | sort - /etc/passwd | uniq -u > /etc/passwd.ldap
getent shadow | sort - /etc/shadow | uniq -u > /etc/shadow.ldap
getent group | sort - /etc/group | uniq -u > /etc/group.ldap

Then I added those three files to the 411 service.

cd /var/411 ; vi Files.mk , add the three .ldap files to the
FILES_NOCOMMENT line
make clean ; make

Then the nodes have this script also running as a cron job to add all the
LDAP users and groups into their local files

#!/bin/bash
cat /etc/passwd /etc/passwd.ldap | uniq > /tmp/passwd.tmp ; cat
/tmp/passwd.tmp > /etc/passwd ; rm /tmp/passwd.tmp
cat /etc/shadow /etc/shadow.ldap | uniq > /tmp/shadow.tmp ; cat
/tmp/shadow.tmp > /etc/shadow ; rm /tmp/shadow.tmp
cat /etc/group /etc/group.ldap | uniq > /tmp/group.tmp ; cat
/tmp/group.tmp > /etc/group ; rm /tmp/group.tmp

^ There is probably a better way to do that particular task, but I am not
so good at bash.

So now once a user logs into the head node via LDAP they can access any
node with the correct uid/gid
-adam

URL: https://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20120203/a80f0475/attachment.html

Reply all
Reply to author
Forward
0 new messages