Re: ldap conversion strategy
On Wed, 30 Nov 2005 00:28:33 +0000
Jamie Thompson <debian-users@jamie-thompson.co.uk> wrote:
> John Smith wrote:
> > Hi All,
> >
> > I'm in the process of designing a plan to move a lot of debian
> > workstations (all with local users configured) to a ldap managed
> > environment and have some choices to make, some easy, some tough. Here
> > is one of the last category:
> >
> > In order to keep the users using applications they derive from
> > their current local group memberships, I intend to recreate the local
> > groups (luckily all according to the default Debian installer policy
> > and uniquely identified by the same gid over all workstations) in the
> > ldap tree.
> >
> > Should I create each and every group (audio with gid=29 for
> > example) in the ldap tree with the same group id as locally defined?
> >
> > Will those two groups collide and if so, what is the best way
> > to solve this collision?
> >
> > Sincerely,
> >
> > Jan.
> >
> >
>
> Moving it all to LDAP is exactly what I did, but the approach has a few
> problems. Basically, whilst it works just fine, any updates to the base
> packages will be applied to the local files, not the ldap directory.
> That means watching for updates and manually updating the ldap tree. Not
> a biggie, but still a pain. In order to reduce the potential for
> conflicts, I also disabled most of the local groups. Unfortunately,
> updates also re-enable these too.
>
> It would be nice to have the base packages call scripts for
> adding/removing the base users and groups that could be pointed at
> scripts or something similar that could be made to service LDAP, but
> that's not the way it currently works and I haven't the faintest idea
> how to go about actually making it, nor in fact, the time to do so either.
>
> Good luck, it does work well in the end.
>
> - Jamie
Thanks for your input Jamie, it sure helps a lot!
Sincerely,
Jan.
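
An added example, not part of the original thread: one way to check for the overlaps asked about above, and for the drift after package updates that Jamie's reply describes, is to compare `/etc/group` with an LDIF export of the directory's posixGroup entries. The sample data, the `dc=example,dc=org` suffix, and the function and category names are all constructed for illustration.

```python
# Constructed sample data (not from any real host or directory).
LOCAL_GROUP = """\
audio:x:29:jan
video:x:44:jan
cdrom:x:24:
scanner:x:104:jan
"""
LDAP_LDIF = """\
dn: cn=audio,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: audio
gidNumber: 29

dn: cn=video,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: video
gidNumber: 1044

dn: cn=staff-scan,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: staff-scan
gidNumber: 104
"""

def parse_local(text):  # {name: gid} from /etc/group-format lines
    rows = (l.split(":") for l in text.splitlines() if l.strip() and not l.startswith("#"))
    return {r[0]: int(r[2]) for r in rows}

def parse_ldif(text):  # {cn: gidNumber} from unwrapped, non-base64 LDIF
    groups = {}
    for entry in text.strip().split("\n\n"):
        pairs = [tuple(l.split(": ", 1)) for l in entry.splitlines() if ": " in l]
        if ("objectClass", "posixGroup") in pairs:
            groups[dict(pairs)["cn"]] = int(dict(pairs)["gidNumber"])
    return groups

def compare(local, ldap):  # classify every local group against the directory
    by_gid = {gid: name for name, gid in ldap.items()}
    report = {"duplicate": [], "gid_mismatch": [], "gid_reused": [], "local_only": []}
    for name, gid in sorted(local.items()):
        if name in ldap:
            report["duplicate" if ldap[name] == gid else "gid_mismatch"].append(name)
        elif gid in by_gid:
            report["gid_reused"].append((name, by_gid[gid]))
        else:
            report["local_only"].append(name)
    return report

print(compare(parse_local(LOCAL_GROUP), parse_ldif(LDAP_LDIF)))
```

Run after each package upgrade, `local_only` lists groups that exist only in the local file, while `gid_mismatch` and `gid_reused` flag cases where file ownership by gid would mean different groups depending on which source answers.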