[Date Prev][Date Next]
Re: users, groups, etc. for posix authentication?
On 1/5/2011 17:01, Howard Chu wrote:
in fact your answer is perfect and sufficiently answers all the
questions. if the underlying operating system doesn't support it, then
ldap can't be used for it. thank you :)
Christ Schlacta wrote:
A POSIX system considers usernames to be a flat namespace. If you
store them in separate branches of a directory, you create the
possibility of having duplicate names in separate branches, and the
base OS will not be able to handle that.
is there any reason that a posix usernames, groups, passwords, etc. must
be stored in distinct locations in a directory ? I realize this mostly
applies to the padl pam/nis and the libnsspam-ldapd module specific.
can they be stored in other structures effectively and usefully? can
they be stored on a department by department basis, or in any other
organizational scheme? (ou=arbitrary1,dc=... having groups and users,
while ou=arb2,ou=arb3,dc=... also has users and groups?) if a scheme
like the above is used, will all users and groups be available on a
system? must they be free of naming conflicts, or will
group=users,ou=arbitrary1,... be different from
group=users,ou=arb2,ou=arb3,... ? if they're different, how would this
be indicated by the systems?
This question has nothing to do with LDAP and has no place on this forum.