LDAP non-unique uidNumber
Haarsma, Michael (SAPOL)
michael.haarsma at police.sa.gov.au
Fri Oct 13 06:40:34 CST 2006
You will need to extend your schema with RFC2307, which is the posix
user/group attributes.

This will allow you to assign a UID and GID to each LDAP user; the PC
(via PAM) will then use these UID/GIDs in preference to your local ones
(assuming NSSWITCH is ldap files). The posix schema will also store your
shell type and Unix home directory.

Use the PAM module pam_mkhomedir.so to automatically create a new local
home directory for the LDAP users if you want (or use automount to get
them from NFS etc).

For pam login:

session required pam_mkhomedir.so skel=/etc/skel umask=0022

I assume you would need to copy data from the existing home dirs into
the new LDAP generated home dirs (or onto the NFS server).
HTH
Michael.
PS Weekend. = :)
> -----Original Message-----
> From: linuxsa-bounces at linuxsa.org.au
> [mailto:linuxsa-bounces at linuxsa.org.au] On Behalf Of
> Novensiles divi Flamen
> Sent: Friday, 13 October 2006 3:39 PM
> To: linuxsa at linuxsa.org.au
> Subject: LDAP non-unique uidNumber
>
>
> I've got openldap running perfectly with everything authenticating
> against it.
> Currently there are only 6 people entries in it while I'm testing. Now
> it comes time for a full migration I've hit a problem - all the
> computers were initially set up with the local user in passwd. Most of
> their uid numbers are 1000. This works fine as long as they only log in
> to their own computer, but will create problems when they log into a
> different computer - which happens often enough to be relevant.
> Home dir ownership gets set to the username of the 'local' 1000 user,
> giving the 'visiting' user full permissions to the local user's home
> dir - even though they start in their own home dir.
> Changing the uidNumber in LDAP means when the user logs in they can't
> use their own home dir.
> I'm sure there is something relatively simple I'm missing - has anyone
> been through this before who can provide insight?
>
> - Noven
> --
> >-- Novensiles divi Flamen --<
> >---- Miles Militis Fons ----<
>
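
An added example, not part of the original thread: a migration planner for the situation discussed above, which finds local accounts on different PCs that share a uid, gives every username one site-wide uidNumber, and lists the per-host command that re-owns each existing home directory to match. The host names, accounts, the "host:passwd-line" input format and the 10000 starting uidNumber are all constructed assumptions; group ownership is left untouched.

```python
import shlex
from collections import defaultdict

# Constructed sample: "host:passwd-line" pairs, as if gathered from each PC's /etc/passwd.
SAMPLE = """\
pc1:alice:x:1000:1000:Alice:/home/alice:/bin/bash
pc2:bob:x:1000:1000:Bob:/home/bob:/bin/bash
pc3:carol:x:1000:1000:Carol:/home/carol:/bin/bash
pc3:dave:x:1001:1001:Dave:/home/dave:/bin/bash
pc1:daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""

def parse(text, min_uid=1000):
    """Yield (host, user, uid, home) for human accounts (uid >= min_uid)."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        host, user, _pw, uid, _gid, _gecos, home, _shell = line.split(":")
        if int(uid) >= min_uid:
            yield host, user, int(uid), home

def plan(text, base=10000):
    """Give every username one site-wide uidNumber and list the local fix-ups."""
    entries = list(parse(text))
    by_uid = defaultdict(set)
    for _host, user, uid, _home in entries:
        by_uid[uid].add(user)
    # A uid shared by different usernames is the collision described in the thread.
    collisions = {uid: sorted(users) for uid, users in by_uid.items() if len(users) > 1}
    # Allocate from a range above the local uids so no new overlap appears (base is an assumption).
    new_uid = {user: base + i for i, user in enumerate(sorted({e[1] for e in entries}))}
    steps = []
    for host, user, uid, home in entries:
        # Re-own only files under that user's own home that still carry the old numeric uid.
        cmd = f"find {shlex.quote(home)} -xdev -uid {uid} -exec chown -h {new_uid[user]} {{}} +"
        steps.append((host, cmd))
    return collisions, new_uid, steps

if __name__ == "__main__":
    collisions, new_uid, steps = plan(SAMPLE)
    print("colliding uids:", collisions)
    for user, uid in new_uid.items():
        print(f"uidNumber for {user}: {uid}")
    for host, cmd in steps:
        print(f"[{host}] {cmd}")
```

The printed commands are meant to be reviewed and run as root on the named host before the user's first LDAP login there, so the home directory already belongs to the new uidNumber.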