[ale] LDAP and System Users/Groups
Jerald Sheets
questy at gmail.com
Wed Mar 24 10:48:53 EDT 2010
Our Oracle user and dba group are both in LDAP.
Nary an issue.
---
Jerald M. Sheets jr.
On Wed, Mar 24, 2010 at 10:41 AM, John G. Heim <jheim at math.wisc.edu> wrote:
> Yeah, so this implies that your oracle group is a local group with both
> ldap and local users in it. So is mine.
>
> On the other hand, we have groups that are both ldap and local. To get
> access to the cdrom on a debian system, you add them to the cdrom group.
> This would normally be a local group but we created an ldap group for it
> too. So when a user logs in, it first checks with ldap to see if they're in
> the cdrom group. But they could also be in the local cdrom group.
>
> The original question seemed to be asking if other people have any policies
> in this regard. Actually, it never occurred to me to create a policy. I've
> just been doing whatever is easiest.
>
> ----- Original Message -----
> From: "Jim Kinney" <jim.kinney at gmail.com>
> To: "Atlanta Linux Enthusiasts - Yes! We run Linux!" <ale at ale.org>
> Sent: Tuesday, March 23, 2010 9:18 PM
> Subject: Re: [ale] LDAP and System Users/Groups
>
>
> > Ditto on oracle. System accounts get handled by the local machine.
> > That said, putting oracle accounts in ldap is a good thing for large
> > environments.
> > For distros like rhel, apache install creates local system accounts. Since
> > all system accounts will, by default, have uid < 500, using ldap for all
> > ordinary, non-system accounts is pretty straightforward.
> > There is also a nonstandard patch that stores ssh pub keys in ldap for no
> > password ssh access.
> >
> > On Mar 23, 2010 8:45 PM, "adam" <prozaconstilts at gmail.com> wrote:
> >
> > brian at polibyte.com wrote:
> >> Hi,
> >>
> >> I'm curious how people administering services on linux in envir...
> > I keep systems accounts on local systems.
> >
> > Oracle (of course), likes to do it differently. I build an oracle user
> > and group in ldap, but since I install oracle from their vanilla
> > distributions, and not via a package system, that means I get to define
> > the users and groups during installation that oracle will be assigned to
> > use, and not have a package manager decide what to do.
> >
> > If, for some reason, you have a packaged oracle that you have to use,
> > I'd then stick to local system accounts. It'll make patching and
> > updating later a lot less painful.
> >
> > Adam
> >
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/ma...
> >
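The thread describes accounts and groups that exist both locally and in LDAP (oracle, dba, cdrom) and the convention that system accounts have uid < 500. The following audit is an added example, not code from any poster in the thread: it compares passwd(5)/group(5)-format text from the two sources and reports LDAP entries in the system range, names whose numeric id differs between sources, and LDAP ids that collide with a different local name. The function names, the sample entries, and applying the 500 threshold to GIDs as well as UIDs are assumptions.

```python
SYSTEM_ID_MAX = 500  # threshold from the thread; applying it to GIDs is an assumption

# Constructed sample data in passwd(5) / group(5) format, not taken from the thread.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
oracle:x:501:501:Oracle:/home/oracle:/bin/bash
"""
LDAP_PASSWD = """\
oracle:x:1200:1200:Oracle:/home/oracle:/bin/bash
jdoe:x:1501:1501:J Doe:/home/jdoe:/bin/bash
svcbackup:x:48:48:Backup:/home/svcbackup:/bin/bash
"""
LOCAL_GROUP = "cdrom:x:24:alice\ndba:x:502:oracle\n"
LDAP_GROUP = "cdrom:x:24:jdoe\ndba:x:1201:oracle\n"


def parse(text):
    """Map name -> (numeric id, members) from passwd- or group-format text."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # skip comments, blanks and malformed lines
        # Only group lines (4 fields) carry a member list.
        members = fields[3].split(",") if len(fields) == 4 and fields[3] else []
        entries[fields[0]] = (int(fields[2]), members)
    return entries


def audit(local_text, ldap_text):
    """Return sorted findings for LDAP entries that overlap local ones."""
    local, ldap = parse(local_text), parse(ldap_text)
    local_ids = {num: name for name, (num, _) in local.items()}
    findings = []
    for name, (num, members) in ldap.items():
        if num < SYSTEM_ID_MAX:
            findings.append(f"{name}: LDAP id {num} is in the system range")
        if name in local and local[name][0] != num:
            findings.append(f"{name}: id differs (local {local[name][0]}, LDAP {num})")
        elif name in local:
            merged = sorted(set(local[name][1]) | set(members))
            findings.append(f"{name}: defined in both, members across sources {merged}")
        if num in local_ids and local_ids[num] != name:
            findings.append(f"{name}: LDAP id {num} collides with local '{local_ids[num]}'")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(LOCAL_PASSWD, LDAP_PASSWD) + audit(LOCAL_GROUP, LDAP_GROUP)))
```

A name with two different numeric ids matters because file ownership follows the number, so whichever source answers first decides who owns the files.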