[ale] LDAP and System Users/Groups

adam prozaconstilts at gmail.com
Tue Mar 23 20:41:16 EDT 2010


brian at polibyte.com wrote:
> Hi,
> 
> I'm curious how people administering services on linux in environments
> where user accounts are stored in ldap handle users and groups for
> software. For example, let's say you install apache through your
> distribution's package manager. Do you create an apache user in your ldap
> directory beforehand, or do you let the package create a local apache user?
> Or, for a more complicated example, you're installing the oracle database
> through oracle's installer. It requires an account, oracle, that the
> software will run as. It also requires a dba group, that the oracle account
> will belong to but that human users will also belong to. Would you create
> both the user and group in ldap, only one of them, or neither? Why?
> 
> All the best,
> Brian Pitts

I keep system accounts on local systems.

Oracle (of course) likes to do it differently. I build an oracle user 
and group in ldap, but since I install oracle from their vanilla 
distributions, and not via a package system, that means I get to define 
the users and groups during installation that oracle will be assigned to 
use, and not have a package manager decide what to do.

If, for some reason, you have a packaged oracle that you have to use, 
I'd then stick to local system accounts. It'll make patching and 
updating later a lot less painful.

Adam


