
Re: managing /etc/passwd and /etc/group with LDAP?



At 9:31 -0800 10/02/1999, John Kristian wrote:
>Use the attributes uidNumber and gidNumber.  In general, conform to RFC 2307.

Thanks. Naturally, I would have checked the existing schema for fitting
attributes first, and of course these are the correct ones to use.

But my question was of a more general nature: is it wise to give up
traditional management of /etc/passwd and /etc/group in favor of the more
complicated use of LDAP? The way I would use it would naturally construct a
proper /etc/passwd file (rather than relying on the availability of a
separate NIS service, for example), so in case something went wrong with
LDAP, things would still work.

A further possibility would be to appoint certain members of some groups as
"supermembers", and give them rights to add and remove users in the group.

Also, is anyone aware of some sort of utility to manage groups for LDAP
servers? I often want to define groups in terms of unions or intersections of
other groups, or as subgroups to another group, based on matching criteria.
Is there anything that supports this, or do I have to write my own?

My basic problem is that I don't really have sufficient resources to do the
management myself (which means that groups and group mail aliases are
always more or less out of date), and frankly, even if I had, I'd rather
delegate the work, and concentrate on other things, and just check that
things are getting done properly.

Are there other LDAP mailing lists where such discussion would be more
appropriate?

-Lasse
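
A sketch of the approach described in the message above, building a local /etc/passwd from RFC 2307 posixAccount entries so logins keep working when the directory is down. This is an added example, not part of the original post. The function names, the MIN_UID cut-off, the "x" password placeholder, the /bin/sh default shell and the simplified LDIF input (no base64 values, no folded lines) are assumptions.

```python
import re

MIN_UID = 1000  # assumption: lower IDs stay reserved for local system accounts
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts."""
    return [dict(l.partition(": ")[::2] for l in b.splitlines())
            for b in text.strip().split("\n\n")]

def passwd_line(e):
    """Render one posixAccount entry as a passwd line, or raise on bad input."""
    name, home = e["uid"], e["homeDirectory"]  # KeyError: required attribute missing
    uid, gid = int(e["uidNumber"]), int(e["gidNumber"])
    gecos, shell = e.get("cn", ""), e.get("loginShell", "/bin/sh")
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"bad login name {name!r}")
    if uid < MIN_UID or gid < 0:
        raise ValueError(f"{name}: uidNumber {uid} / gidNumber {gid} not allowed "
                         "from the directory")
    # A ':' or newline inside a value would shift or add passwd fields.
    if any(c in f for f in (gecos, home, shell) for c in ":\n"):
        raise ValueError(f"{name}: field separator inside a value")
    return f"{name}:x:{uid}:{gid}:{gecos}:{home}:{shell}"

def build_passwd(local_text, ldif_text):
    """Merge directory accounts into the local file; returns (text, rejected).

    Local lines are kept verbatim and win any name or UID conflict."""
    lines = [l for l in local_text.splitlines() if l]
    names, uids = ({l.split(":")[i] for l in lines} for i in (0, 2))
    rejected = []
    for entry in parse_ldif(ldif_text):
        try:
            line = passwd_line(entry)
            name, _, uid = line.split(":")[:3]
            if name in names or uid in uids:
                raise ValueError(f"{name}: duplicates an existing name or UID")
        except (KeyError, ValueError) as exc:
            rejected.append(f"{entry.get('dn', '?')}: {exc}")
        else:
            lines.append(line)
            names.add(name)
            uids.add(uid)
    return "\n".join(lines) + "\n", rejected

# Constructed sample input: one ordinary account, one entry claiming UID 0.
LOCAL = "root:x:0:0:root:/root:/bin/sh\n"
LDIF = ("dn: uid=alice,ou=People,dc=example,dc=org\nuid: alice\ncn: Alice Example\n"
        "uidNumber: 1001\ngidNumber: 100\nhomeDirectory: /home/alice\n\n"
        "dn: uid=toor,ou=People,dc=example,dc=org\nuid: toor\ncn: Toor\n"
        "uidNumber: 0\ngidNumber: 0\nhomeDirectory: /root\n")
```

Write the returned text to a temporary file and rename it over the live file only when the rejected list has been reviewed, so a failed or partial directory export never replaces a working /etc/passwd.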