On Mon, Oct 09, 2006 at 07:09:14PM +0200, Andreas Metzler wrote: > Roberto C. Sanchez <roberto@connexer.com> wrote: > > I have started working with transitioning a network to LDAP. I am still > > experimenting with this at home before implementing it "for real." This > > brings me to my concern. It appears that many groups are added to the > > system "willy-nilly." By that I mean, I have one system where part of > > the /etc/group file looks like this: > > > gdm:x:101: > > man:x:12: > > sasl:x:45: > > ssh:x:102: > [...] > > > On another system, it looks like this: > > > gdm:x:101: > > sword:x:102: > [...] > > > For instance, on one system the camera group has gid 111 and 113 on the > > other. > > See http://www.at.debian.org/doc/debian-policy/ch-opersys.html#s9.2.2 > I will take a look at this. > > That is a problem if I want to server everything up out of LDAP. > > Either install the packages which dynamically add system users on a master > machine first and set them up and export them in LDAP (they won't be > re-generated on the client machines if the user already is present) or do > not keep system users in LDAP. You mention users, but does the same work for groups? If so, I can just whip up a quick script using `find / -group $foo` for all the groups whose gids I want to harmonize. Once that finishes, I can just export the groups via LDAP and remove them entirely from the local machines. Regards, -Roberto -- Roberto C. Sanchez http://people.connexer.com/~roberto http://www.connexer.com
Attachment:
signature.asc
Description: Digital signature