
Re: Ldap+Nfsv4+kerberos *nix / *bsd puzzle.



On 30/11/2011 00:33, Howard Chu wrote:

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=doc/drafts/draft-howard-rfc2307bis-xx.txt;h=74bfdc7c268053c8375e5fe9de68f60b10e91084;hb=HEAD

Section 2.2.2

This solution was mentioned on the list a year or two ago. I had to implement something similar to allow different home directories/shells on different systems.

I went with a similar solution to Harry's #5, creating new attributes to hold these values which are mapped in /etc/ldap.conf on each system appropriately.

In our environment though, the proposed attribute options wouldn't be particularly useful. We run HPC systems with hundreds of hosts, so an option such as 'host-<servicename>' would be more useful.

To the OP: you might find that using a custom gidNumber attribute doesn't fully work. When I tried this approach it wasn't possible to get the custom gidNumber remapped by getent etc. to find the group's name.

Just had a dig around, here's my query about this subject from Feb 2010:

<http://www.openldap.org/cgi-bin/wilma_hiliter/openldap-technical/201002/msg00073.html>

No solution to this (at the time, anyway). I abandoned trying to have a per-service gidNumber attribute.

--
Liam Gretton                                    liam.gretton@le.ac.uk
HPC Architect                                 http://www.le.ac.uk/its
IT Services                                   Tel: +44 (0)116 2522254
University of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom