Re: Unix group to handle CDD roles?
On Wed, 7 Apr 2004, Cosimo Alfarano wrote:
> I fear LDAP is too complicated to be used in a generic/generalised
> infrastructure like CDD aims to be.
Same for me. (If you have read the mails from Debian-Jr Ben was quoting
you will notice that I was always in favour of groups, but I surely admit
that this aproach has some constraints which have to be solved).
> But since I'm a LDAP supporter :), if there will be consensus on using
> it, there'll be no problem to study a solution with it as a custom
> distro directory.
Good to know that we have knowledged people in the boat. ;-)
Perhaps we should consider LDAP as an configuration option: The tools
which have to be developed for a common cdd package could read some
configuration file and if there is a "USELDAP=yes" option than go
this way and leave user groups for the more simple setups. (Again:
I'm not really sure whether this suggestion makes sense.)
> 1) it's widely probable that some CDD projects need unix group in
> addition to the role handling, and in this case it should maintain
> two parallel list with the same users inside.
Hmmm, maintaining lists of same information is error prone, IMHO.
> 2) it's quite unprobable that the case of GID shortage could verifies on
> a med-dent single computer installation, but only on big clusters
> with plenty of users, where group ownerships is anyway needed by its
> own structure, independelty from how many CDD are installed in the
> cluster.
> ie: subsetting users is anyway needed, CDD groups is only an helper
>
> 3) I do not think that, even a big cluster, would install more then 3/4
> CDD projects at the same time (it means 3/4 unix groups).
ACK.
> I do not think so bad to use dynamically allocated groups for this
> purpose.
> Surely LDAP would be a more cleany and unix-like (and funny? :)
> solution to consider.
Uhm, I think I have a bad sense of humor because I do not regard
LDAP as funny. ;-))
> I do not know other group handling methods except the home-made ones,
> with the problem of system integration.
I'd like to avoid home-made things.
Kind regards
Andreas.
Reply to: