I manage a small (just under 40 servers real and Xen) development environment for a software company. We use a mix of RHEL, Ubuntu and Macs (OS X only). As we have grown we have evolved from local password files to Webmin in an attempt to maintain consistent UID/GID and accounts across all of our hosts. We have found that this system is not w/o its reliability issues.
Without debating the merits of a given OS or Webmin, can you all suggest an alternative account management solution? I have tried OpenLDAP and had less than stellar results because getting it configured correctly seems to be more challenging than I hoped. There isn't an OpenLDAP How-To for dummies that I have found.
I have thought of Red Hat Directory Services or Fedora Dir Services but I have been led to believe there are compatibility issues with these. There is the Mac system for dealing with this issue but that seems to be tailored for Mac-specific environments. We could use NIS but I would be taking this shop right back to the 90's. Finally, there is <whispering> Active Directory... but I wouldn't be coming to you all if that were something I was considering. I think I would be taken to task for that one.
Our requirements are:
- Something relatively easy to get up and running.
- Easy to manage (www tools are a plus).
- Something that "stays in sync" or offers a single referenceable source that all of the servers can validate against.
- Something that accommodates Macs and various flavors of Linux.
- Something that scales... to a point. We don't need a 1000-server worldwide solution... we need to scale to 100 servers max.
- Has the ability to be backed up and restored in the event of a complete server meltdown. Failover to a peer would be a real plus.
Thanks in advance.