Re: Ldap+Nfsv4+kerberos *nix / *bsd puzzle.
On 30/11/2011 00:33, Howard Chu wrote:
> http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=doc/drafts/draft-howard-rfc2307bis-xx.txt;h=74bfdc7c268053c8375e5fe9de68f60b10e91084;hb=HEAD
> Section 2.2.2
This solution was mentioned on the list a year or two ago. I had to
implement something similar to allow different home directories/shells
on different systems.
I went with a similar solution to Harry's #5, creating new attributes to
hold these values which are mapped in /etc/ldap.conf on each system
appropriately.
In our environment though, the proposed attribute options wouldn't be
particularly useful. We run HPC systems with hundreds of hosts, so an
option such as 'host-<servicename>' would be more useful.
To the OP: you might find that using a custom gidNumber attribute
doesn't fully work. When I tried this approach, it wasn't possible to get
the custom gidNumber remapped by getent etc. to find the group's name.
Just had a dig around, here's my query about this subject from Feb 2010:
<http://www.openldap.org/cgi-bin/wilma_hiliter/openldap-technical/201002/msg00073.html>
No solution to this (at the time, anyway). I abandoned trying to have a
per-service gidNumber attribute.
--
Liam Gretton liam.gretton@le.ac.uk
HPC Architect http://www.le.ac.uk/its
IT Services Tel: +44 (0)116 2522254
University of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom