
Re: Question about system accounts in LDAP.



I am not an expert.  In fact, all my attempts at LDAP have been
frustrated by authentication issues, but here is my take.

The goal for LDAP authentication is to have consistent user accounts
across a network of machines.  System accounts do not need to roam like
user accounts in this scenario.

On Tue, 2003-08-12 at 11:22, Jon Wood wrote:
> On Tue, 2003-08-12 at 00:58, Donovan Baarda wrote:
> > On Tue, 2003-08-12 at 01:50, Fred Clausen wrote:
> [...snip...]
> > > 
> > > What would you guys suggest is the best practice?
> > 
> > In general it's inadvisable to have system users in LDAP; when LDAP
> > breaks you can't even log in at the console as root.
> > 
> > The default LDAP migration script in the Debian migrationtools does not
> > migrate all users below UID 1000 and groups below GID 100.
> > 
> Wouldn't it make more sense just to leave root in passwd, and everything
> else runs from ldap? (Except possibly the openldap user... nasty
> circular dependency there :P)
> 
> > 
> > -- 
> > Donovan Baarda <abo@minkirri.apana.org.au>
> > http://minkirri.apana.org.au/~abo/
> -- 
> Jon    ^^^
>       (0 0) jellybob.co.uk
> ---o0O-----O0o----
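
Added example (not part of the original thread): a small Python audit of the split discussed above. It flags accounts that have to stay in the local passwd file (root, and the openldap user) and accounts below the UID 1000 threshold that exist only in LDAP. The sample passwd lines and the function names are constructed for illustration, and the LDAP side is assumed to be exported in passwd(5) format.

```python
# Added example; the passwd lines below are constructed sample data.
SYSTEM_UID_MAX = 1000                  # thread's threshold: UIDs below 1000
MUST_BE_LOCAL = {"root", "openldap"}   # accounts the thread says LDAP must not own

LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
"""
LDAP_PASSWD = """\
openldap:x:105:108:OpenLDAP:/var/lib/ldap:/bin/false
www-data:x:34:34:www-data:/var/www:/bin/sh
fred:x:1001:1001:Fred:/home/fred:/bin/bash
"""

def parse_passwd(text):
    """Return {name: uid} from passwd(5)-format text; skip malformed lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[2].isdigit():
            accounts[fields[0]] = int(fields[2])
    return accounts

def audit(local_text, ldap_text):
    """Return sorted (severity, account, reason) findings."""
    local, ldap = parse_passwd(local_text), parse_passwd(ldap_text)
    findings = []
    if local.get("root") != 0:
        findings.append(("critical", "root", "no local UID 0 root entry"))
    for name, uid in ldap.items():
        if name in local:
            # Same name in both sources: lookup order decides which UID wins.
            if local[name] != uid:
                findings.append(("warning", name,
                                 f"UID differs: local {local[name]}, LDAP {uid}"))
        elif name in MUST_BE_LOCAL:
            findings.append(("critical", name,
                             "needed while LDAP is down, only in LDAP"))
        elif uid < SYSTEM_UID_MAX:
            findings.append(("warning", name, "system account only in LDAP"))
    return sorted(findings)

if __name__ == "__main__":
    for severity, name, reason in audit(LOCAL_PASSWD, LDAP_PASSWD):
        print(f"{severity:8} {name:10} {reason}")
```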


