Re: VA.debian.org runs LDAP now
On Thu, Jan 06, 2000 at 03:29:19PM +0000, Miquel van Smoorenburg wrote:
> In article <cistron.Pine.LNX.3.96.1000105001914.7133A-100000@wakko.deltatee.com>,
> Jason Gunthorpe <jgg@ualberta.ca> wrote:
> >I spent the entire evening today converting VA to LDAP and cleaning out
> >alot of cruft. In the process I had to renumber several of CVS repository
> >group IDs, I hope this doesn't effect anything but if something goes
> >funny, this might be why.
>
> Hmm - how does this work? I'm not in /etc/passwd, I don't see any
> ldap references in /etc/nsswitch.conf, it doesn't use NIS - I should
> not exist. Yet every utility knows my name:
>
> $ id
> uid=858(miquels) gid=800(Debian) groups=800(Debian)
Jason has the LDAP for us setup to rsync (via ssh) a setup of passwd.db
files to each system. These files are located under /var. Using standard
LDAP for NS (with libnss_ldap) means that if that ldap server dies, logins
are disabled. Using userdir-ldap (the system that Jason developed) the
user information is kept in an LDAP directory (for central and extendable
maintainence) and is distributed via db files to each system (for
disconnected use and security).
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bmc@visi.net '
`---=========------=======-------------=-=-----=-===-======-------=--=---'
Reply to: