Re: ldap conversion strategy

From: Jamie Thompson (debian-users_at_jamie-thompson.co.uk)
Date: 11/30/05

    Date: Wed, 30 Nov 2005 00:28:33 +0000
    To: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
    
    
    

    John Smith wrote:
    > Hi All,
    >
    > I'm in the process of designing a plan to move a lot of debian
    > workstations (all with local users configured) to a ldap managed
    > environment and have some choices to make, some easy, some tough. Here
    > is one of the last category:
    >
    > In order to keep the users using applications they derive from
    > their current local group memberships, I intend to recreate the local
    > groups (luckily all according to the default Debian installer policy
    > and uniquely identified by the same gid over all workstations) in the
    > ldap tree.
    >
    > Should I create each and every group (audio with gid=29 for
    > example) in the ldap tree with the same group id as locally defined?
    >
    > Will those two groups collide and if so, what is the best way
    > to solve this collision?
    >
    > Sincerely,
    >
    > Jan.
    >
    >

    Moving it all to LDAP is exactly what I did, but the approach has a few
    problems. Basically, whilst it works just fine, any updates to the base
    packages will be applied to the local files, not the ldap directory.
    That means watching for updates and manually updating the ldap tree. Not
    a biggie, but still a pain. In order to reduce the potential for
    conflicts, I also disabled most of the local groups. Unfortunately,
    updates also re-enable these too.

    It would be nice to have the base packages call scripts for
    adding/removing the base users and groups that could be pointed at
    scripts or something similar that could be made to service LDAP, but
    that's not the way it currently works and I haven't the faintest idea
    how to go about actually making it, nor in fact, the time to do so either.

    Good luck, it does work well in the end.

    - Jamie
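
An added example, not part of the original messages: a Python check that compares a workstation's /etc/group with an LDIF export of the LDAP group entries and reports the disagreements discussed in this thread (a gid that differs, a gid already held by another LDAP group, a group that exists only locally after a package update, differing members). The sample data, the dc=example,dc=org base and all function names are constructed for illustration; the LDIF is assumed to contain only group entries, unfolded and not base64-encoded.

```python
# Constructed sample inputs, not taken from the thread.
LOCAL_GROUP = "audio:x:29:alice\nvideo:x:44:\nscanner:x:104:bob\n"
LDAP_LDIF = """\
dn: cn=audio,ou=Group,dc=example,dc=org
cn: audio
gidNumber: 29
memberUid: carol

dn: cn=video,ou=Group,dc=example,dc=org
cn: video
gidNumber: 45

dn: cn=plotters,ou=Group,dc=example,dc=org
cn: plotters
gidNumber: 104
"""

def parse_group_file(text):
    """Return {name: (gid, members)} from /etc/group formatted text."""
    groups = {}
    for line in filter(str.strip, text.splitlines()):
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = (int(gid), set(filter(None, members.split(","))))
    return groups

def parse_ldif_groups(text):
    """Return {cn: (gidNumber, memberUids)}; assumes plain, unfolded LDIF."""
    groups = {}
    for entry in text.strip().split("\n\n"):
        attrs = {}
        for line in entry.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key, []).append(value)
        groups[attrs["cn"][0]] = (int(attrs["gidNumber"][0]), set(attrs.get("memberUid", [])))
    return groups

def find_conflicts(local, ldap):
    """Return (kind, group, detail) for each disagreement, sorted by group name."""
    by_gid = {gid: cn for cn, (gid, _) in ldap.items()}
    out = []
    for name, (gid, members) in sorted(local.items()):
        ldap_gid, ldap_members = ldap.get(name, (None, set()))
        if ldap_gid is None:  # e.g. a group a package update created locally
            out.append(("missing_in_ldap", name, by_gid.get(gid)))
        elif ldap_gid != gid:
            out.append(("gid_mismatch", name, (gid, ldap_gid)))
        if name in ldap and ldap_members != members:
            out.append(("member_drift", name, sorted(ldap_members ^ members)))
    return out
```

For `missing_in_ldap`, the detail field names the LDAP group that already holds the same gid, or is `None` when the gid is free.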

    
    
