On Tue, Oct 10, 2006 at 12:46:58PM +0200, Wouter Verhelst wrote: > On Mon, Oct 09, 2006 at 10:16:45AM -0400, Roberto C. Sanchez wrote: > > I guess that if the deployment were on a new network, it would be easier > > to affect how the gids are assigned, since you would be looking for > > issues like that. However, for an existing network, this can be more of > > a problem. > > Not necessarily. There is no real need to have system GIDs assigned > through LDAP. In fact, personally I'd recommend against it. > > PAM has this wonderful feature called "stacking", which means that you > can perfectly well use system GIDs from /etc/group, while your locally > assigned GIDs can come from LDAP. I know that's how I did stuff when I > transitioned my home network to LDAP. > That is fine for a home network. However, on a network of 1000 workstations, having to specify group memberships on the clients is kind of a pain. All I am trying to say is that Debian should not make it difficult for the admin to implement what he/she wants. Unfortunately, the current system does just that. Regards, -Roberto -- Roberto C. Sanchez http://people.connexer.com/~roberto http://www.connexer.com
Attachment:
signature.asc
Description: Digital signature