This article addresses all of that. It outlines the difference between the two naming service subsystems and describes possible scenarios in which you can use LDAP or NIS. It also features a detailed guide on how you can transition from NIS to LDAP.
Network Information Service or NIS stands out as a dedicated name service protocol. Its design allows it to serve exclusively POSIX-style naming and identification information. On the other hand, the Lightweight Directory Access Protocol or LDAP is adaptable and can handle various roles.
NIS is only compatible with Unix platforms. This feature makes NIS unsuitable for central data administration for heterogeneous platforms, while the LDAP framework is highly flexible and suitable for centralized data administration.
Thus, from the above description, NIS has notable flexibility and scalability limitations, but it stands out in regard to usability: it is easier to use and can achieve higher throughput than LDAP.
The following are some of the notable differences between LDAP and NIS:
The above overview and comparison points show that the LDAP protocol is more secure than the NIS service. For example, anyone on a client machine can run the ypcat passwd utility and access the details of all users from the master server.
Such freedom is not available on LDAP client machines. Instead, LDAP client machines need a configuration certificate before gaining access to some data or information. Moreover, the system enhances user authentication by binding to the server as the user.
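To check how much the passwd map in your own NIS domain discloses to every client user, the following added example (not code from the original article) classifies the password field of each entry in ypcat passwd style output. The function names and sample entries are constructed for illustration, and the set of placeholder values treated as shadowed (x, *, !, !!, *LK*, NP, ##user) is an assumption about common conventions.

```sh
#!/bin/sh
# Added example: audit what a NIS passwd map discloses to any client user.
# On a real NIS client, feed it with:  ypcat passwd | audit_passwd_map

# Classify field 2 of each passwd-format line read from stdin.
# Prints one "user:status" line per entry, where status is
#   hash     - a crypt(3) hash that every client user can read and attack offline
#   empty    - no password is set at all
#   shadowed - placeholder only (assumed set: x, *, !, !!, *LK*, NP, ##user)
audit_passwd_map() {
    awk -F: '
        NF < 7 || /^[#+-]/ { next }   # skip malformed, comment and compat lines
        {
            pw = $2
            if (pw == "")
                status = "empty"
            else if (pw ~ /^(x|\*|!|!!|\*LK\*|NP)$/ || pw ~ /^##/)
                status = "shadowed"
            else
                status = "hash"       # includes locked entries such as "!<hash>"
            print $1 ":" status
        }'
}

# Count the entries whose hash is readable through the map.
count_exposed() {
    audit_passwd_map | awk -F: '$2 == "hash" { n++ } END { print n + 0 }'
}

# Constructed sample map; the hash strings are placeholders, not real hashes.
sample_map() {
    cat <<'EOF'
alice:abEXAMPLEHASH:1001:100:Alice:/home/alice:/bin/sh
bob:$6$examplesalt$EXAMPLEHASHVALUE:1002:100:Bob:/home/bob:/bin/bash
carol:x:1003:100:Carol:/home/carol:/bin/sh
dave:##dave:1004:100:Dave:/home/dave:/bin/sh
erin::1005:100:Erin:/home/erin:/bin/sh
+::::::
EOF
}

sample_map | audit_passwd_map
echo "entries with a readable hash: $(sample_map | count_exposed)"
```

Any entry reported as hash or empty is a reason to move that account's credentials out of the NIS map before or during the migration to LDAP.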
Certainly, NIS is only ideal for storing and accessing data or information, making it suitable for small or medium LAN environments. However, you can deploy LDAP in the following network environments:
The previous applications are why many network administrators consider moving from NIS to LDAP for more security, flexibility, and authentication.
Ideally, you can transition your systems from NIS to LDAP. However, you must accurately configure the NIS daemons on your NIS master server when attempting this. Commonly known as the N2L service, this service will only be enabled after your daemons find the relevant NIS-to-LDAP entries on the NIS master server.
The NISLDAPmapping file specifies the mapping details between the NIS map entries and their equivalent DIT (Directory Information Tree) in LDAP. Notably, a NIS master server that successfully goes through this transition is called the N2L server. You cannot perform this transition from client machines or slave servers, since they do not have a NISLDAPmapping file.
Again, you cannot use the N2L service in the following scenarios:
The N2L service supports an array of mappings. Among the mappings, it includes auto.maps and .home maps. However, auto.master and auto.home maps are supported like the rest of the standard maps.
This brings us to the end of the NIS vs. LDAP discussion. As you have probably noted, LDAP is more secure and provides authentication, while NIS is a naming system. Finally, you can effortlessly transition from NIS to LDAP.
Source: linuxhint.com