On Wed, 30 Nov 2005 00:28:33 +0000 Jamie Thompson <[EMAIL PROTECTED]> wrote:
> John Smith wrote: > > Hi All, > > > > I'm in the process of designing a plan to move a lot of debian > > workstations (all with local users configured) to a ldap managed en- > > vironment and have some choices to make, some easy, some tough. Here > > one of the last category: > > > > In order to keep the users using applications they derive from > > their current local group memberships, I intend to recreate the local > > groups (luckily all according to the default Debian installer policy > > and uniquely identified by the same gid over all workstations) in the > > ldap tree. > > > > Should I create each and every group (audio with gid=29 for > > example) in the ldap tree with the same group id as locally defined? > > > > Will those two groups colide and if so, what is the best way > > to solve this collision? > > > > Sincerely, > > > > Jan. > > > > > > Moving it all to LDAP is exactly what I did, but the approach has a few > problems. Basically, whilst it works just fine, any updates to the base > packages will be applied to the local files, not the ldap directory. > That means watching for updates and manually updating the ldap tree. Not > a biggie, but still a pain. In order to reduce the potential for > conflicts, I also disabled most of the local groups. Unfortunately, > updates also re-enable these too. > > It would be nice to have the base packages call scripts for > adding/removing the base users and groups that could be pointed at > scripts or something similar that could be made to service LDAP, but > that's not the way it currently works and I haven't the faintest idea > how to go about actually making it, nor in fact, the time to do so either. > > Good luck, it does work well in the end. > > - Jamie Thanks for your input Jamie, it sure helps a lot! Sincerely, Jan. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
