# NIS/YP, OpenLDAP/Kerberos



## bsus (Sep 11, 2011)

Hi,
I want to set up a central user management for my network.

I read about two technologies to realize this:
NIS/YP and OpenLDAP with Kerberos.

My Question was what are the pros and contras of both ways?

When I have a working LDAP Server with BDB Backend what else is needed to "get" a central user management?

Regards


----------



## gordon@ (Sep 13, 2011)

NIS/YP is easier to setup than LDAP with Kerberos. LDAP let's you integrate with other software, letting you use it for more than just your user details (think company phone book, things like that). Kerberos is more secure than NIS/YP by design as it assumes a hostile network (but trusted hosts). Basically, it depends on what your requirements are.


----------



## bsus (Sep 13, 2011)

Ok Thanks for the information 

I think then I will go as fast as possible over to OpenLDAP/Kerberos and skip the easier/older one.

Could you also give me Support with OpenLDAP?

I have installed OpenLDAP via Ports on a latest FreeBSD Jail, slapd is already running.
As next step I would add base.ldif and db.ldif (two configuration files in .ldif format) to slapd. But till now I didn't succeed:

```
ldapadd -Y EXTERNAL -H ldapi://localhost -f db.ldif 
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
	additional info: SASL(-4): no mechanism available:
```


```
[root@openldap /]# ldapadd -x -D cn=admin,dc=local,dc=de -W -f /usr/local/etc/openldap/base.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

[root@openldap /]# ldapadd -Y EXTERNAL -x cn=admin,dc=local,dc=de -f /usr/local/etc/openldap/base.ldif
ldapadd: incompatible with previous authentication choice
```


----------



## gordon@ (Sep 22, 2011)

I think you can just used slapadd to load the data files (warning, this is not concurrent safe. For safety, shutdown slapd before running slapadd).


----------

