Our Oracle user and dba group are both in LDAP.<br><br>Nary an issue.<br clear="all">---<br>Jerald M. Sheets jr.<br><br><br>
<br><br><div class="gmail_quote">On Wed, Mar 24, 2010 at 10:41 AM, John G. Heim <span dir="ltr"><<a href="mailto:jheim@math.wisc.edu">jheim@math.wisc.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Yeah, so this implies that your oracle group is a local group with both<br>
ldap and local users in it. So is mine.<br>
<br>
On the other hand, we have groups that are both ldap and local. To get<br>
access to the cdrom on a debian system, you add them to the cdrom group.<br>
This would normally be a local group but we created an ldap group for it<br>
too. So when a user logs in, it first checks with ldap to see if they're in<br>
the cdrom group. But they could also be in the local cdrom group.<br>
<br>
The original question seemed to be asking if other people have any policies<br>
in this regard. Actually, it never occurred to me to create a policy. I've<br>
just been doing whatever is easiest.<br>
<div><div></div><div class="h5"><br>
----- Original Message -----<br>
From: "Jim Kinney" <<a href="mailto:jim.kinney@gmail.com">jim.kinney@gmail.com</a>><br>
To: "Atlanta Linux Enthusiasts - Yes! We run Linux!" <<a href="mailto:ale@ale.org">ale@ale.org</a>><br>
Sent: Tuesday, March 23, 2010 9:18 PM<br>
Subject: Re: [ale] LDAP and System Users/Groups<br>
<br>
<br>
> Ditto on oracle. System accounts get handled by the local machine.<br>
> That said, putting oracle accounts in ldap is a good thing for large<br>
> environments.<br>
> For distros like rhel, apache install creates local system accounts. Since<br>
> all system accounts will, by default, have uid <500, using ldap for all<br>
> ordinary, non-system accounts is pretty straightforward.<br>
> There is also a non-standard patch that stores ssh pub keys in ldap for no<br>
> password ssh access.<br>
><br>
> On Mar 23, 2010 8:45 PM, "adam" <<a href="mailto:prozaconstilts@gmail.com">prozaconstilts@gmail.com</a>> wrote:<br>
><br>
> <a href="mailto:brian@polibyte.com">brian@polibyte.com</a> wrote:<br>
>> Hi,<br>
>><br>
>> I'm curious how people administering services on linux in envir...<br>
> I keep systems accounts on local systems.<br>
><br>
> Oracle (of course) likes to do it differently. I build an oracle user<br>
> and group in ldap, but since I install oracle from their vanilla<br>
> distributions, and not via a package system, that means I get to define<br>
> the users and groups during installation that oracle will be assigned to<br>
> use, and not have a package manager decide what to do.<br>
><br>
> If, for some reason, you have a packaged oracle that you have to use,<br>
> I'd then stick to local system accounts. It'll make patching and<br>
> updating later a lot less painful.<br>
><br>
> Adam<br>
><br>
><br>
> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/ma." target="_blank">http://mail.ale.org/ma.</a>..<br>
><br>
<br>
<br>
</div></div>--------------------------------------------------------------------------------<br>
<div class="im"><br>
<br>
</div><div><div></div><div class="h5">
</div></div></blockquote></div><br>
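An audit for the mixed setup discussed in this thread, as an added example that is not part of any poster's message: it compares group data from local files and LDAP for names defined in both, and lists LDAP accounts whose uid falls below the 500 system-account boundary mentioned above. The sample data is constructed; on a real host the input is assumed to come from `getent -s files group`, `getent -s ldap group` and `getent -s ldap passwd`.

```python
SYSTEM_UID_MAX = 500  # boundary quoted in the thread for RHEL system accounts

# Constructed sample data, group(5) format: name:passwd:gid:member,member
LOCAL_GROUP = """\
cdrom:x:24:alice
dba:x:501:oracle
audio:x:29:
"""
LDAP_GROUP = """\
cdrom:*:24:bob,carol
dba:*:1501:oracle,dave
staff:*:2000:bob
"""
# Constructed sample data, passwd(5) format: name:passwd:uid:gid:gecos:home:shell
LDAP_PASSWD = """\
oracle:*:440:1501:Oracle:/home/oracle:/bin/bash
bob:*:1001:2000:Bob:/home/bob:/bin/bash
"""

def parse_group(text):
    """Return {name: (gid, set_of_members)} from group(5)-format text."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def audit_groups(local_text, ldap_text):
    """Report every group name that exists in both sources."""
    local, ldap = parse_group(local_text), parse_group(ldap_text)
    findings = []
    for name in sorted(local.keys() & ldap.keys()):
        (lgid, lmem), (dgid, dmem) = local[name], ldap[name]
        if lgid != dgid:
            # Same name, different gid: file permissions depend on which source answers.
            findings.append((name, "gid-mismatch", f"local={lgid} ldap={dgid}"))
        else:
            # Same name and gid: a member may be listed in either source; review the union.
            findings.append((name, "union-members", ",".join(sorted(lmem | dmem))))
    return findings

def ldap_system_uids(passwd_text, limit=SYSTEM_UID_MAX):
    """LDAP accounts whose uid is in the range packages use for local system accounts."""
    rows = (line.split(":") for line in passwd_text.splitlines() if line.strip())
    return [(f[0], int(f[2])) for f in rows if len(f) >= 3 and f[2].isdigit() and int(f[2]) < limit]
```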