[Discuss] Moving servers from NIS to LDAP

[gaf at blu.org (Jerry Feldman)]

On 07/11/2012 06:04 PM, Derek Martin wrote:
> On Wed, Jul 11, 2012 at 05:07:30PM -0400, Jerry Feldman wrote:
>> Will I have to change uids and gids This is an issue for our IT people.
>> If they wil create a separate OU or LDAP group for us, great. If they
>> want to merge is in, that creates a few more issues
>> If we get merged in, then I will also have to set up a way to restrict
>> access to our servers either by using LDAP or a few other tools that I
>> previously mentioned. In most cases, I can do it once and push it to all
>> the other servers like I do with automount.
> Sorry, I meant to comment on this too...  
>
> The goal of a good IT person should (roughly) be to make things as
> easy to manage as possible while still enabling everyone else to make
> effective use of computing resources (and most especially, they should
> not make your job *harder*, if it can be avoided).  Hopefully they are
> that sort.
>
> FWIW, I've found that most sysadmins want to be helpful, but they also
> have their own goals.  They tend to like to solve puzzles.  I've found
> that if you present them with a(n interesting) problem, rather than
> your solution to the problem, they're generally more amenable to
> helping you accomplish your goals, and to working with you to find a
> solution that's mutually beneficial.
>
> Point being, I suspect ultimately this is something you're just going
> to have to negotiate with your IT people.  You said "IBM" -- they're
> probably not new to managing LDAP, and I also doubt that your problem
> is a new one for them.  Probably they already have some canned
> solution which will be forced on you, or maybe you'll get to pick from
> a small set of options.  If they're IBM employees, I expect them to
> act like robots (I have MANY coworkers who say so, who are
> ex-IBM-by-way-of-some-other-startup-that-got-bought-out employees),
> but they might behave like monkeys, if you give them a banana.
>
Basically, IBM does not allow NIS, and LDAP is allowed. The issue is for
me is that the Boston group has its own servers, and has been managed
locally. We have our local users, local storage, local servers,. Moving
to IBM while it poses some other problems, like bluewashing our
software, our move date was recently moved from October 1 to August 20.
Our IT guys who are working on LDAP were unaware of this. Also, while
all of our servers and VMs have been remediated, IBM is telling IT that
they will not accept our ancient servers and out NAS. The NAS has 2.5TB.
We have no way to migrate 2.5TB in 35 days, We have a few solutions. One
is they might give us an IBM server (4U with 2x220VAC twistlocks)> All
of our systems plug into a CDU that already has 220. So I could plug our
servers back into the local 110/20A outlets as long as I split the load
and free up the 2 220s we put in last year. But, the solution was only a
suggestion from our IT people. To add to all of this, I have to write
some code (was supposed to be C++, but now will be Java) for one of our
clients. So, for me it is workload, and also, to find a solution that
will minimize downtime as we have some production systems here and 1
employee who likes to work 24x7 :-)

-- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90 
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90