Below is a quick comparison between FNS, DNS, NIS, NIS+ and LDAP naming services.
| | DNS | NIS | NIS+ | FNS | LDAP |
|---|---|---|---|---|---|
| NAMESPACE | Hierarchical | Flat | Hierarchical | Hierarchical | Hierarchical |
| DATA STORAGE | Files / resource records | 2-column maps | Multi-column tables | Maps | Directories [varied], indexed database |
| SERVERS | Master/slave | Master/slave | Root master / non-root master; primary/secondary; cache/stub | N/A | Master/replica, multi-master replica |
| SECURITY | None | None (root or nothing) | DES authentication | None (root or nothing) | SSL, varied |
| TRANSPORT | TCP/IP | RPC | RPC | RPC | TCP/IP |
| SCALE | Global | LAN | LAN | Global (with DNS) / LAN | Global |
One significant difference between an LDAP client and a NIS or NIS+ client is that an LDAP client always returns a Fully Qualified Domain Name (FQDN) for a host name, similar to those returned by DNS. For example, if your domain name is `west.example.net`, both gethostbyname() and getipnodebyname() return the FQDN version, `server.west.example.net`, when looking up the host name `server`.
Also, if you use interface-specific aliases such as server-#, a long list of fully qualified host names is returned. If you use host names to share file systems or in other such checks, you need to account for this. This is especially true if you assume non-FQDN names for local hosts and FQDNs only for remote, DNS-resolved hosts. If you set up LDAP with a different domain name from DNS, you might be surprised when the same host has two different FQDNs depending on the lookup source.
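One way to make such a check robust to the difference described above is to normalize host names before comparing them. The helper below is an added example, not code from the Solaris documentation; it assumes west.example.net is the LDAP domain and corp.example.net the DNS domain for the same hosts, and handles both the short/FQDN mismatch and the two-FQDNs-for-one-host case.

```python
# Added example (not from the Solaris documentation). Normalizes host names so
# that a check written for short NIS/NIS+ names keeps working once an LDAP
# client starts returning FQDNs, including the case where LDAP and DNS use
# different domain names for the same host.
from typing import Iterable, Sequence, Tuple

# Constructed sample: the domain suffixes this site treats as "local".
# west.example.net (LDAP) and corp.example.net (DNS) are assumptions.
LOCAL_DOMAINS = ("west.example.net", "corp.example.net")


def canonical(name: str, local_domains: Iterable[str] = LOCAL_DOMAINS) -> str:
    """Return a comparison key for a host name.

    Lower-cases, strips a trailing dot, and removes any configured local
    domain suffix, so 'server', 'server.west.example.net' and
    'SERVER.corp.example.net.' all map to 'server'. Names in other domains
    keep their full FQDN so a remote host never collides with a local one.
    """
    n = name.strip().lower().rstrip(".")
    for dom in local_domains:
        dom = dom.lower()
        if n.endswith("." + dom):
            return n[: -(len(dom) + 1)]
    return n


def same_host(a: str, b: str, local_domains: Iterable[str] = LOCAL_DOMAINS) -> bool:
    """True if both names refer to the same host under the local-domain rule."""
    return canonical(a, local_domains) == canonical(b, local_domains)


def hosts_from_lookup(
    result: Tuple[str, Sequence[str], Sequence[str]],
    local_domains: Iterable[str] = LOCAL_DOMAINS,
) -> set:
    """Collapse a gethostbyname()-style (name, aliases, addresses) result into
    the set of canonical host keys, so interface aliases such as server-1 that
    come back fully qualified are handled the same way as the primary name."""
    name, aliases, _addrs = result
    return {canonical(n, local_domains) for n in [name, *aliases]}


def is_allowed(lookup_result, allowed_hosts: Iterable[str]) -> bool:
    """Example share check: accept the lookup if any returned name (in any of
    the local domains, or unqualified) matches an entry in the allow list."""
    wanted = {canonical(h) for h in allowed_hosts}
    return bool(hosts_from_lookup(lookup_result) & wanted)
```

An allow list written with short names such as `server` then matches whether the resolver returns `server` (NIS) or `server.west.example.net` (LDAP), while `server.east.example.net` still does not match.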
- LDAP lets you consolidate information by replacing application-specific databases, which reduces the number of distinct databases to be managed.
- LDAP allows for more frequent data synchronization between masters and replicas.
- LDAP is multi-platform and multi-vendor compatible.
The following are some restrictions associated with the LDAP Naming Service.
- There is no support for pre-Solaris 8 clients.
- An LDAP server cannot be its own client.
- Setting up and managing an LDAP naming service is more complex and requires careful planning.
A directory server (an LDAP server) cannot be its own client. In other words, you cannot configure the machine that is running the directory server software to become an LDAP naming service client.