[ale] LDAP and System Users/Groups

John G. Heim jheim at math.wisc.edu
Wed Mar 24 10:41:17 EDT 2010


Yeah, so this implies that your oracle group is a local group with both 
ldap and local users in it. So is mine.

On the other hand, we have groups that are both ldap and local. To get 
access to the cdrom on a debian system, you add them to the cdrom group. 
This would normally be a local group but we created an ldap group for it 
too. So when a user logs in, it first checks with ldap to see if they're in 
the cdrom group. But they could also be in the local cdrom group.

The original question seemed to be asking if other people have any policies 
in this regard. Actually, it never occurred to me to create a policy. I've 
just been doing whatever is easiest.

----- Original Message ----- 
From: "Jim Kinney" <jim.kinney at gmail.com>
To: "Atlanta Linux Enthusiasts - Yes! We run Linux!" <ale at ale.org>
Sent: Tuesday, March 23, 2010 9:18 PM
Subject: Re: [ale] LDAP and System Users/Groups


> Ditto on oracle. System accounts get handled by the local machine.
> That said, putting oracle accounts in ldap is a good thing for large
> environments.
> For distros like rhel, apache install creates local system accounts. Since
> all system accounts will, by default, have uid <500, using ldap for all
> ordinary, non-system accounts is pretty straightforward.
> There is also a non-standard patch that stores ssh pub keys in ldap for no
> password ssh access.
>
> On Mar 23, 2010 8:45 PM, "adam" <prozaconstilts at gmail.com> wrote:
>
> brian at polibyte.com wrote:
>> Hi,
>>
>> I'm curious how people administering services on linux in envir...
> I keep system accounts on local systems.
>
> Oracle (of course), likes to do it differently. I build an oracle user
> and group in ldap, but since I install oracle from their vanilla
> distributions, and not via a package system, that means I get to define
> the users and groups during installation that oracle will be assigned to
> use, and not have a package manager decide what to do.
>
> If, for some reason, you have a packaged oracle that you have to use,
> I'd then stick to local system accounts. It'll make patching and
> updating later a lot less painful.
>
> Adam
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/ma...
>
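
Added example, not part of the original thread: a small audit for the situation discussed above, where a group such as cdrom exists both in the local group file and in LDAP, so that membership granted only by the local file or a GID that differs between the two sources becomes visible. The sample data is constructed, and the function names and the `getent` service name in the comment are assumptions.

```python
"""Audit groups defined in both local files and LDAP (group(5) format)."""

# Constructed sample input. On a real host, comparable text could come from
# `getent -s files group` and `getent -s ldap group` (the LDAP service name
# depends on nsswitch.conf and is an assumption here).
LOCAL_GROUP = """\
root:x:0:
cdrom:x:24:alice
staff:x:50:
oracle:x:501:oracle,bob
"""
LDAP_GROUP = """\
cdrom:*:24:carol,dave
staff:*:5000:carol
dba:*:2001:bob
"""


def parse_group(text):
    """Return {name: (gid, set_of_members)} from group(5)-format text."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip blanks, comments and malformed entries
        name, _passwd, gid, members = fields
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups


def audit_overlap(local_text, ldap_text):
    """Report every group name that exists in both sources."""
    local, ldap = parse_group(local_text), parse_group(ldap_text)
    findings = []
    for name in sorted(local.keys() & ldap.keys()):
        local_gid, local_members = local[name]
        ldap_gid, ldap_members = ldap[name]
        findings.append({
            "group": name,
            # Permissions follow the GID, so differing GIDs are two groups.
            "gid_mismatch": local_gid != ldap_gid,
            # Members granted access only by the local file, outside LDAP.
            "local_only": sorted(local_members - ldap_members),
            "ldap_only": sorted(ldap_members - local_members),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_overlap(LOCAL_GROUP, LDAP_GROUP):
        print(finding)
```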

