[Date Prev][Date Next]
problem about smooth migration from files to ldap
- To: email@example.com
- Subject: problem about smooth migration from files to ldap
- From: huwenfeng <firstname.lastname@example.org>
- Date: Tue, 13 Mar 2012 10:17:58 +0800 (CST)
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=Received:Date:From:To:Message-ID:Subject: MIME-Version:Content-Type; bh=aIWidTYplZUOtkIMGJs78Ex7N3fEzEDhfR TDdAUzDBI=; b=WHFJTOqofoUiin59r2fNueF1ez7nQfeJs/0wXKzigy1de/6a/t SpQ0rZPSYsWxhuEcpIebfj1hCpeW1J3xkVY+7vqfv+xY09N+M6NQh1c2HT2UkvVP 4AjmPrm5wVucK1mBRpdJMjOOc0VKWvJtYSo1RjJ83JZ6c0eOYcf6WJ2wA=
I got a non-technical problem here.
I have managed to solved the problem of using OpenLDAP to store user and group infomation and successfully logined into Linux Servers using OpenLDAP.
In the Linux Server, i got LOCAL groups named like `devel` and `www`, and LOCAL users belong to these groups. Through the /etc/sudoers file, I give different groups with different privileges.
In the OpenLDAP database, i defined my own `devel` and `www` groups. and users in OpenLDAP belongs to their corresponding groups.
The problem is , if i add ldap into /etc/nsswitch.conf, then only the first pair of (users/groups) get the right privileges from /etc/sudoers. That means, if I put `ldap` before `files`, only the users login through OpenLDAP can use the privileges defined in /etc/sudoers. But if I put `files` before `ldap` in /etc/nsswitch.conf, then only Local (users/groups) pair got the privileges from /etc/sudoer2.
I got a bad solution here: give different names to groups from OpenLDAP, and define new privileges in /etc/sudoers for these groups. and after migration, delete the old local groups and old sudo privileges. But this seems to be not that good a solution.
I wonder, what might be the best or right way to migrate from (local user/group) to (ldap user/group) smoothly.
Any clue or advice will be greatly appreciated.
Thank you In advance.