200063: glad that made some sense!
Agree that Novell has some funny quirks and other odd bits. It is built from a different point of view than other systems (like msft) and at first that can make it seem strange. But in time you come to appreciate what they did and why they did it.. there are truly some brilliant engineers there. It's even more amazing when you compare where Netware was (and is IMHO) vs Windows going back in time. Netware 5.1 had clustering up to 32 nodes at a time when Windows NT4 struggled to do 2. (and if you were smart you bought Veritas cluster X to make it work) AD still is not where eDir was years ago.. NDS was (and still is IMHO) miles ahead of AD. Netware does not have the SPOF that Windows does in the registry, the OS can be stage loaded to fix problems when they occur - with Windows a tricky problem generally means a re-install. Not so with Novell. You can fix just about anything that goes wrong relatively quickly. (relative to other OS's and IME much faster than Windows)
One of the things msft did well in terms of sales was creating an OS that my dog could install. All security settings wide open (where they existed) and all services running. You need know precious little to pop in a Windows server and have it run.. and many admins have never met a default install they didn't like.. (part of why the net is such a mess IMHO!) Netware, like Unix, comes pretty tight and needs to be configured - which means you need to know what you're doing. This puts a lot of people off at first. You have to enable (or install) services; you have to give out file system rights.. etc. That can seem like a real chore to some, but in the end you are better off - IMHO. While there are books (literally) written about securing Windows, there is little to do to secure Netware. The CERT doc is 5? pages and covers 3 issues.. 2 which are open source apps & have patches and 1 which is turning off SNMP (not unique to Netware). By contrast, the NSA wrote up a set of manuals to secure Win2k that run over 1,000 pages IIRC.
And then you will still have a critical bug to patch nearly every week (if not more than 1!) Think about how you want to spend your time...
eDir can scale to encompass the entire known internet (literally 250 million objects or something like that..) It's no accident that 80% of the Fortune 500 use it along with various gov't (municipal, state and federal), financial and large educational institutions.
One last thing.. Marvin has an excellent point about tree structure. Read up a bit if you have not already about the thinking behind how a tree is built. Build your tree with an eye to the future - maybe your firm is not in multiple cities or countries - but 5 years up the road? Plan ahead.
Ours goes root -->Tree(name of your tree)-->Organization (company)--> and then an OU for each office eg: Brisbane, Sydney, Perth.. nothing fancy.. just keeping it simple. We do OU's for each location because each office is connected via WAN links so we partition by OU. Oops.. what's a partition!
eDir - is the directory database
a replica - is a copy of the database - of your tree, or of a partition (part of your tree - see below). You want to have several replicas on your network (3 is good) so if one server goes, you have backup copies.. and any one copy can recreate the others in an emergency.
a partition - is a section of a replica. You can literally cut a chunk out and put just that chunk on another server. This is nice bc if that server is in a remote spot, you no longer have to sync the WHOLE thing - you only have to sync the partition. You can also add filtering to sync only certain attributes (maybe only user info..) You can partition at the OU level.. so if each remote location is an OU, you can have a partition for Sydney, another for Perth, etc.
Again, not the only or "right" way to do this.. just one way.
- have fun!