VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
Posted: Tue May 06, 2008 10:13 am Post subject: LDAP and *NIX user accounts
Hi again.
Still trying to put things together between LDAP and UNIX.
All the accounts that I add to my LDAP database are virtual accounts, right? They're virtual because they aren't defined the UNIX way, am I right?
But I also can allow these virtual accounts to log onto any machine in my network, is that correct? Then if I need to put permissions on a file, I suppose I have to map each LDAP user to a UNIX account, is this still correct?
Thanks.

_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739!
vad3r Guru
Joined: 02 May 2004 Posts: 461 Location: Munich, Germany
Posted: Tue May 06, 2008 12:15 pm Post subject:
If you configure your servers to query LDAP for users and groups, they behave like real users. You don't need a local->LDAP mapping. If you run "getent passwd" you should see LDAP and local users.

_________________
-- http://www.linuxaddicted.de/ | Please help to answer open questions
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5947
Posted: Tue May 06, 2008 3:18 pm Post subject:
vad3r wrote:
> If you run "getent passwd" you should see LDAP and local users

++ for nss_ldap and pam_ldap :D

_________________
Neddyseagoon wrote:
> The problem with leaving is that you can only do it once and it reduces your influence.

banned from #gentoo since sept 2017
VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
Posted: Tue May 06, 2008 10:47 pm Post subject:
Thanks for the explanation. Now how are permissions on files set? If I want to set permissions for a group or a user in LDAP on a given file, what will be the numeric UID? Does LDAP automatically create a numeric UID whenever a new user is added? Is it the purpose of nis.schema?
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5947
Posted: Wed May 07, 2008 2:17 am Post subject:
VinzC wrote:
> Thanks for the explanation. Now how are permissions on files set? If I want to set permissions for a group or a user in LDAP on a given file, what will be the numeric UID? Does LDAP automatically create a numeric UID whenever a new user is added? Is it the purpose of nis.schema?

the uid should be the same across all machines... that's how ldap works... and you can specify by name or id (like normal).
cheers

edit: as for adding users, i've never had any problems with uids not being generated... however there are a couple of pitfalls... @wheel users still need to be defined in /etc/group of the chosen machine... some ldap editors add extra garbage not necessary for login (cosmetic?)... chfn and chsh don't work, nor does useradd (well, it works for the local machine, but not ldap)... 8O
VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
Posted: Wed May 07, 2008 4:37 am Post subject:
So LDAP does automatically assign a numeric ID to every user added to the directory, have I understood correctly? (The examples I've seen all use an LDIF file and there's no numeric UID, hence my question.)
vad3r Guru
Joined: 02 May 2004 Posts: 461 Location: Munich, Germany
Posted: Wed May 07, 2008 9:33 am Post subject:
The users you add to your LDAP directory need all the fields that a local account needs too. Here's an example LDIF:

```ldif
dn: uid=bozo,ou=users,c=global,dc=example,dc=com
cn: BoZo the Clown
gecos: BoZo the Clown
gidNumber: 2000
homeDirectory: /home/bozo
loginShell: /usr/bin/bash
mail: bozo@example.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 132239
shadowMax: 99999
shadowWarning: 7
sn: bozo
uid: bozo
uidNumber: 2000
```
VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
Posted: Wed May 07, 2008 10:10 am Post subject:
I understand, but this is not the answer to my question. Please bear in mind that I *never* used LDAP, especially not in a UNIX environment. So my question is: do I have to manually specify the numeric user ID whenever I add a user to LDAP, or does some tool (like useradd does) automatically assign that numeric ID?

EDIT: Or if you want to give me an example, post the command that you usually type to create a user account in an LDAP directory - if it's somehow meaningful.
VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
Posted: Wed May 07, 2008 10:16 am Post subject:
VinzC wrote:
> ... Does LDAP automatically create a numeric UID whenever a new user is added?

bunder wrote:
> edit: as for adding users, i've never had any problems with uid's not being generated...

Nice, but you didn't mention how they are created, which was my question in fact. Are there special commands for that? So will I have to care for the numeric IDs, or are they created automatically?
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5947
Posted: Fri May 09, 2008 1:18 am Post subject:
VinzC wrote:
> VinzC wrote:
> > ... Does LDAP automatically create a numeric UID whenever a new user is added?
>
> bunder wrote:
> > edit: as for adding users, i've never had any problems with uid's not being generated...
>
> Nice but you didn't mention how they are created, which was my question in fact. Are there special commands for that? So will I have to care for the numeric IDs or are they created automatically?

i just used an ldap editor instead of injecting an ldif... the programs (luma, etc) do it for you, you just push a button and it acquires a uid.
cheers
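An added example, written for this thread rather than taken from any poster's setup, showing what an LDAP editor does behind the button bunder describes and how the uidNumber in vad3r's LDIF gets chosen: the script scans the uidNumbers already in the directory and in a client's /etc/passwd, picks the lowest free one, and emits a posixAccount LDIF. The directory dump, the /etc/passwd excerpt, the base DN and the 0-999 system uid reservation are assumptions made for the example.

```python
# Added example, not from any poster in this thread: pick the next free
# uidNumber for a new posixAccount and emit its LDIF, refusing a uidNumber that
# collides with a local account or falls in the system range (constructed data).
import re

SYSTEM_UID_MAX = 999  # assumption: uids 0-999 are reserved for system accounts

# Constructed stand-in for `ldapsearch -LLL '(objectClass=posixAccount)' uidNumber`
LDAP_DUMP = """\
dn: uid=bozo,ou=users,c=global,dc=example,dc=com
uidNumber: 2000

dn: uid=alice,ou=users,c=global,dc=example,dc=com
uidNumber: 2001
"""

# Constructed excerpt of a client machine's /etc/passwd
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
vinz:x:1000:1000::/home/vinz:/bin/bash
svc:x:2002:2002::/var/lib/svc:/sbin/nologin
"""

def ldap_uids(ldif):
    return {int(m) for m in re.findall(r"^uidNumber:\s*(\d+)$", ldif, re.M)}

def local_uids(passwd):
    return {int(line.split(":")[2]) for line in passwd.splitlines() if line.strip()}

def next_free_uid(ldif, passwd, start=2000):
    """Lowest uid >= start (and above the system range) unused both in LDAP and locally."""
    used = ldap_uids(ldif) | local_uids(passwd)
    uid = max(start, SYSTEM_UID_MAX + 1)
    while uid in used:
        uid += 1
    return uid

def make_ldif(login, fullname, uid, gid, base="ou=users,c=global,dc=example,dc=com"):
    """LDIF for a posixAccount with the attributes nss_ldap needs, like vad3r's example."""
    if not re.fullmatch(r"[a-z_][a-z0-9_-]*", login):
        raise ValueError("login name must look like a UNIX user name")
    if uid <= SYSTEM_UID_MAX:
        raise ValueError("refusing to create a directory account in the system uid range")
    return "\n".join([
        f"dn: uid={login},{base}",
        "objectClass: inetOrgPerson", "objectClass: posixAccount", "objectClass: shadowAccount",
        f"uid: {login}", f"cn: {fullname}", f"sn: {login}",
        f"uidNumber: {uid}", f"gidNumber: {gid}",
        f"homeDirectory: /home/{login}", "loginShell: /bin/bash",
    ]) + "\n"
```

Checking the local passwd file matters because a uidNumber that collides with an existing local account on any client gives the directory user that account's files on that machine; an editor that only looks at the directory will not notice.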
VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
Posted: Fri May 09, 2008 5:06 am Post subject:
Ok, I see now. Thanks.