[Beowulf] Poll - Directory implementation

Tony Brian Albers tba at kb.dk
Thu Oct 25 00:39:50 PDT 2018


On Wed, 2018-10-24 at 11:42 -0500, Tom Harvill wrote:
> [Because of my ignorance I mistakenly posted this inside of a list 
> thread.  I'm sending it again cleanly.]
> 
> Hello,
> 
> Long time lurker, very infrequent poster - I enjoy this list very much.
> 
> We run multiple clusters in different data centers with a single
> directory (LDAP) for general authentication and some user grouping
> for special purposes (e.g. delineating admin users for privileges).
> We put 'extra' user data in an RDBMS.
> 
> We currently use 389-DS (aka Fedora Directory Server) and there is
> some internal pressure to switch to OpenLDAP.
> 
> 389-DS is working well, we use the multi-master feature.  It really 
> hasn't failed us.
> 
> I'm writing this list to ask:
> 
> - what directory solution do you implement?
> - if LDAP, which flavor?
> - do you have any opinions one way or another on the topic?
> 
> Because 389-DS has just worked, it's sort-of out of sight and mind.
> I've been re-engaging it for a little while and from what I can see
> it's fairly well documented (I don't remember this being the case
> when we originally set it up 10+ years ago.)  I think OpenLDAP
> doesn't have integrated multi-master replication - that feature
> appears to be a bolted on script.
> 
> Thanks in advance for your time,
> 
> Tom
> 
> Tom Harvill
> Holland Computing Center
> https://hcc.unl.edu
> 
> 

At KB one of our Hadoop clusters is using 389-DS through FreeIPA, and
it works great. Our 389-DS server is getting hit pretty hard from time
to time since everything is using Kerberos and FreeIPA (all the jobs
running on the cluster look up users etc. in FreeIPA), but it gets by
and is very stable (we've had two unexpected service stops fixable by
just restarting them in 2½ years now).

All hosts use sssd and user homedirs are automounted on them using
krb5. 

IMO you should consider IdM or FreeIPA since it brings quite a lot of
extra functionality while still using a standard LDAP backend.

/tony

-- 
Tony Albers
Systems administrator, IT-development
Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 2566 2383 / +45 8946 2316

