[Beowulf] NIS to LDAP gateway

Andrew D. Fant fant at pobox.com
Mon Feb 6 15:10:46 PST 2006

The talk of NIS servers has raised a question I had been meaning to ask.  Does
anyone know about a NIS/LDAP gateway?  Our cluster's compute nodes are all on a
private network that is isolated from the primary network here.  Currently, we
manage passwords and accounts by just copying the password, group, and shadow
files from the user node to the compute nodes on a regular basis.  NIS was not
used out of somewhat misplaced fears about its insecurity.  We are under a
mandate now to start using the enterprise LDAP directory for authorization and
authentication on the cluster.  I really don't want to have to set up a
full-fledged LDAP environment on the head node, or change my address space and
start routing packets between the cluster and the outside world.  I've heard
rumors that there are daemons out there that can connect to LDAP on one side
and that act like ypserv on the other side and translate and route getpwent()
and related requests between the two worlds.  Has anyone actually seen and/or
used this beastie? Alternately, has anyone ever set up an LDAP proxy for use
inside a cluster?  The only packet routing we have between the outside world
and the cluster is currently daemon-based on the management node, and I dread
adding packet forwarding to the iptables configuration on the head nodes and
becoming a perceived competitor to our networking group.


