Re: ldap conversion strategy

From: John Smith (netman1_at_home.nl)
Date: 11/30/05

    Date: Wed, 30 Nov 2005 08:48:03 +0100
    To: debian-user@lists.debian.org
    
    

    On Wed, 30 Nov 2005 00:28:33 +0000
    Jamie Thompson <debian-users@jamie-thompson.co.uk> wrote:

    > John Smith wrote:
    > > Hi All,
    > >
    > > I'm in the process of designing a plan to move a lot of debian
    > > workstations (all with local users configured) to a ldap managed
    > > environment and have some choices to make, some easy, some tough. Here
    > > is one of the last category:
    > >
    > > In order to keep the users using applications they derive from
    > > their current local group memberships, I intend to recreate the local
    > > groups (luckily all according to the default Debian installer policy
    > > and uniquely identified by the same gid over all workstations) in the
    > > ldap tree.
    > >
    > > Should I create each and every group (audio with gid=29 for
    > > example) in the ldap tree with the same group id as locally defined?
    > >
    > > Will those two groups collide and if so, what is the best way
    > > to solve this collision?
    > >
    > > Sincerely,
    > >
    > > Jan.
    > >
    > >
    >
    > Moving it all to LDAP is exactly what I did, but the approach has a few
    > problems. Basically, whilst it works just fine, any updates to the base
    > packages will be applied to the local files, not the ldap directory.
    > That means watching for updates and manually updating the ldap tree. Not
    > a biggie, but still a pain. In order to reduce the potential for
    > conflicts, I also disabled most of the local groups. Unfortunately,
    > updates also re-enable these too.
    >
    > It would be nice to have the base packages call scripts for
    > adding/removing the base users and groups that could be pointed at
    > scripts or something similar that could be made to service LDAP, but
    > that's not the way it currently works and I haven't the faintest idea
    > how to go about actually making it, nor in fact, the time to do so either.
    >
    > Good luck, it does work well in the end.
    >
    > - Jamie

    Thanks for your input Jamie, it sure helps a lot!

    Sincerely,

    Jan.
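
The manual check the thread describes (watching for package updates that change local groups and comparing them with the LDAP tree) can be scripted. The following is an added example, not part of the original messages; the sample group lines, the `dc=example,dc=org` base, the `staff-scan` group and all function names are constructed for illustration.

```python
# Constructed samples: /etc/group lines and an LDIF export trimmed to the attributes used.
LOCAL_GROUP = "audio:x:29:jan\nvideo:x:44:jan\nplugdev:x:46:\nscanner:x:104:\n"
LDAP_LDIF = """\
dn: cn=audio,ou=Group,dc=example,dc=org
cn: audio
gidNumber: 29

dn: cn=video,ou=Group,dc=example,dc=org
cn: video
gidNumber: 45

dn: cn=staff-scan,ou=Group,dc=example,dc=org
cn: staff-scan
gidNumber: 104
"""

def parse_group_file(text):
    """Return {name: gid} from /etc/group-format text (name:passwd:gid:members)."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            groups[fields[0]] = int(fields[2])
    return groups

def parse_ldif_groups(text):
    """Return {cn: gidNumber}; assumes unfolded, non-base64 LDIF lines."""
    groups = {}
    for entry in text.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in entry.splitlines() if ": " in l)
        if "cn" in attrs and attrs.get("gidNumber", "").isdigit():
            groups[attrs["cn"]] = int(attrs["gidNumber"])
    return groups

def compare(local, ldap):
    """Report local groups LDAP lacks, gid mismatches, and gids reused under another name."""
    by_gid = {gid: name for name, gid in ldap.items()}
    report = {"missing_in_ldap": [], "gid_mismatch": [], "gid_collision": []}
    for name, gid in sorted(local.items()):
        if name not in ldap:
            report["missing_in_ldap"].append(name)
        elif ldap[name] != gid:
            report["gid_mismatch"].append((name, gid, ldap[name]))
        if by_gid.get(gid, name) != name:
            report["gid_collision"].append((name, gid, by_gid[gid]))
    return report

if __name__ == "__main__":
    print(compare(parse_group_file(LOCAL_GROUP), parse_ldif_groups(LDAP_LDIF)))
```

A `gid_collision` entry is the case to resolve first: files owned by that gid become accessible to whichever group the name service resolves it to.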
