I've been looking in to using the Fan out driver to synchronize users to
our Linux and Unix systems. We have approx 400 nix systems and it would
be nice to sync the passwords and accounts across the environment.

I have the fan out driver working in a test environment and have been
playing with it and I've encountered what seem like some big
limitations. I'm wondering how other people structure their environment
with the Fan Out driver.

Our eDirectory tree is used for identity mgmt only and is fairly flat.
All of our employees exist in a single OU.

It seems that the census has to have unique names for all users and
groups. Not a big deal for users, but I can't have two different groups
called users assigned to two different platform sets.

The problem is we have production servers and pre-production servers.
Both have different user bases. With in each of those groups of servers,
we have multiple different users bases. I don't want to put all users on
all servers.

How do others deal with this? How do you structure your Fan Out
Implementation? Is it possible to use more than one driver that points
to a different ASAM container and thus has a different census?

I know some of you will suggest using NIS, NIS+, or PAM LDAP, but for
various complicated reasons these solutions do not fit our needs.


--
ch1tsch1
------------------------------------------------------------------------
ch1tsch1's Profile: http://forums.novell.com/member.php?userid=27617
View this thread: http://forums.novell.com/showthread.php?t=352877