[ale] LDAP and System Users/Groups

Dustin Puryear dpuryear at puryear-it.com
Wed Mar 24 09:43:43 EDT 2010


We have a lot of experience in this area. Generally, the approach is:

User accounts go into LDAP.
User groups go into LDAP.
You have a defined block of uids and gids for these.
Your app users and groups go into the local system.

---
Puryear IT, LLC - Baton Rouge, LA - http://www.puryear-it.com/
Active Directory Integration : Web & Enterprise Single Sign-On
Identity and Access Management : Linux/UNIX technologies

Download our free ebook "Best Practices for Linux and UNIX Servers"
http://www.puryear-it.com/pubs/linux-unix-best-practices/

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
brian at polibyte.com
Sent: Tuesday, March 23, 2010 4:51 PM
To: ale at ale.org
Subject: [ale] LDAP and System Users/Groups

Hi,

I'm curious how people administering services on linux in environments
where user accounts are stored in ldap handle users and groups for
software. For example, let's say you install apache through your
distribution's package manager. Do you create an apache user in your ldap
directory beforehand, or do you let the package create a local apache
user? Or, for a more complicated example, you're installing the oracle
database through oracle's installer. It requires an account, oracle, that
the software will run as. It also requires a dba group, that the oracle
account will belong to but that human users will also belong to. Would you
create both the user and group in ldap, only one of them, or neither? Why?

All the best,
Brian Pitts
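
Added example, not part of either message above: a small audit of the split described in the reply (people in LDAP inside a reserved ID block, application accounts local), flagging entries where two sources would resolve the same name or number differently. The block boundaries, the function names and the sample accounts are assumptions constructed for illustration; because group(5) lines also carry the numeric ID in field 3, the same functions work for groups.

```python
# Assumed policy value: the thread gives no numbers, so this block is hypothetical.
LDAP_ID_BLOCK = range(10000, 60000)

# Constructed sample data in passwd(5) format, as `getent passwd` prints it.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
oracle:x:10001:501:Oracle software owner:/home/oracle:/bin/bash
"""
LDAP_PASSWD = """\
alice:x:10001:10001:Alice Example:/home/alice:/bin/bash
bob:x:10002:10002:Bob Example:/home/bob:/bin/bash
carol:x:502:10003:Carol Example:/home/carol:/bin/bash
apache:x:10048:10048:Apache:/var/www:/sbin/nologin
"""

def parse(text):
    """Return {name: numeric id} from passwd(5) or group(5) lines (id is field 3)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "+", "-")):  # comments, NIS compat lines
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # malformed line, ignore
        entries[fields[0]] = int(fields[2])
    return entries

def audit(local_text, ldap_text, block=LDAP_ID_BLOCK):
    """Return sorted (issue, name, id) tuples for entries that break the split."""
    local, ldap = parse(local_text), parse(ldap_text)
    findings = set()
    for name, num in local.items():
        if num in block:  # local account squatting in the directory's block
            findings.add(("local-id-in-ldap-block", name, num))
        if name in ldap:  # which one wins depends on the host's lookup order
            findings.add(("name-in-both-sources", name, num))
    local_by_id = {num: name for name, num in local.items()}
    for name, num in ldap.items():
        if num not in block:
            findings.add(("ldap-id-outside-block", name, num))
        if num in local_by_id and local_by_id[num] != name:  # shared file ownership
            findings.add(("id-shared-by-two-names", name, num))
    return sorted(findings)

if __name__ == "__main__":
    for issue, name, num in audit(LOCAL_PASSWD, LDAP_PASSWD):
        print(f"{issue}: {name} ({num})")
```
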