Re: Too many default groups in Skolelinux' LDAP schema?

* Herman Robak (herman@skolelinux.no) [040318 10:42]:
> > Let me just make the comment that too many groups will create real 
> > problems, no matter what the naming scheme is. Since NFS will honour no 
> > more than 16 groups,

relax, the world is not ending because of this.

this is not as disastrous as it might look at first glance.
only if the accessed data was imported via nfs (and the thin
clients don't count here) posix-groups exceeding 16 will be
silently truncated. that could lead to permission problems on
files, but not data loss or login problems. don't attribute every
problem you see to this new and shiny big problem.

>  The LDAP frontend must (MUST!!!) enforce this
> limitation, and warn the admin once it is encountered.
> Failing silently is not an option.

i feel fixing the underlying problem would be a better option
than enforcing the limitation across the whole system.

> >  We have diagnosed this problem at one school at least,
> > where one of the teachers was a member of 28 groups.
>  At the school where my cousin is IT admin (i.e. a teacher
> who got the additional chore of being sysadmin) I suspect
> the number of groups has already exceeded 16.

you can have many more groups than 16. it is just that the 17th
... nth group a certain user is a member of will not be handled
correctly over nfs.

> Some of
> the newly added users could not log in.

i don't see how that could be related. please elaborate.
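
Added example, not part of the original message and not Skolelinux code: a Python audit that reads group entries in `getent group` format and reports users who are members of more than 16 groups, the limit discussed in this thread, so an admin gets a warning instead of a silent truncation. The sample entries and the names `teacher1`, `teacher2`, `pupil1` and `classNN` are constructed, and counting only the memberships listed in group entries (not the primary group from the passwd entry) is an assumption.

```python
from collections import defaultdict

NFS_GROUP_LIMIT = 16  # per-user group limit over NFS, as stated in the thread


def parse_group_lines(text):
    """Parse 'name:passwd:gid:member,member' lines into {user: {(gid, group)}}."""
    memberships = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip malformed entries rather than miscount them
        name, _passwd, gid, members = fields
        for user in (m.strip() for m in members.split(",")):
            if user:
                memberships[user].add((int(gid), name))
    return memberships


def users_over_limit(memberships, limit=NFS_GROUP_LIMIT):
    """Return {user: {'count': n, 'excess': n - limit}} for users above the limit."""
    report = {}
    for user, groups in memberships.items():
        if len(groups) > limit:
            report[user] = {"count": len(groups), "excess": len(groups) - limit}
    return report


def build_sample():
    """Constructed sample: one teacher in 28 class groups, one pupil in 3."""
    lines = []
    for i in range(28):
        members = "teacher1,pupil1" if i < 3 else "teacher1"
        lines.append(f"class{i:02d}:x:{2000 + i}:{members}")
    lines.append("staff:x:3000:teacher2")
    return "\n".join(lines)


if __name__ == "__main__":
    # On a live system, feed the output of `getent group` instead of the sample.
    for user, info in sorted(users_over_limit(parse_group_lines(build_sample())).items()):
        print(f"WARNING: {user} is in {info['count']} groups, "
              f"{info['excess']} beyond the NFS limit of {NFS_GROUP_LIMIT}")
```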

