LDAP non-unique uidNumber

Novensiles divi Flamen noven at sincorp.org
Fri Oct 13 08:44:57 CST 2006


Actually not quite... the clients pick up the username of the user in ldap 
with the same uid number as the passwd login, but a quick chown fixes that 
problem.

- Noven

On Friday 13 October 2006 14:05, Haarsma, Michael (SAPOL) wrote:
> You will need to extend your schema with RFC2307, which is the posix
> user/group attributes.
> This will allow you to assign a UID and GID to each LDAP user; the PC
> (via PAM) will then use these UIDs/GIDs in preference to your local ones
> (assuming nsswitch is "ldap files"). The posix schema will also store your
> shell type and unix home directory.
>
> Use the PAM module pam_mkhomedir.so to automatically create a new local
> home directory for the LDAP users if you want (or use automount to get
> them from NFS etc.)
>
> For pam login
> session required pam_mkhomedir.so skel=/etc/skel umask=0022
>
> I assume you would need to copy data from the existing home dirs into
> the new LDAP-generated home dirs (or onto the NFS server).
>
>
> HTH
>
> Michael.
>
> PS Weekend. = :)
>
> > -----Original Message-----
> > From: linuxsa-bounces at linuxsa.org.au
> > [mailto:linuxsa-bounces at linuxsa.org.au] On Behalf Of
> > Novensiles divi Flamen
> > Sent: Friday, 13 October 2006 3:39 PM
> > To: linuxsa at linuxsa.org.au
> > Subject: LDAP non-unique uidNumber
> >
> >
> > I've got openldap running perfectly with everything authenticating
> > against it. Currently there are only 6 people entries in it while I'm
> > testing. Now that it comes time for a full migration, I've hit a problem -
> > all the computers were initially set up with the local user in passwd.
> > Most of their uid numbers are 1000. This works fine as long as they only
> > log in to their own computer, but will create problems when they log into
> > a different computer - which happens often enough to be relevant.
> > Home dir ownership gets set to the username of the 'local' 1000 user,
> > giving the 'visiting' user full permissions to the local user's home dir
> > - even though they start in their own home dir.
> > Changing the uidNumber in LDAP means when the user logs in they can't
> > use their own home dir.
> > I'm sure there is something relatively simple I'm missing - has anyone
> > been through this before who can provide insight?
> >
> > - Noven
> > --
> >
> > >-- Novensiles divi Flamen --<
> > >---- Miles Militis Fons ----<

-- 
>-- Novensiles divi Flamen --<
>---- Miles Militis Fons ----<
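An audit for the collision this thread describes, added here as an example and not code from any of the posters: it parses constructed /etc/passwd lines from two workstations and a constructed LDIF dump of RFC 2307 posixAccount entries, then reports both uidNumbers shared by several LDAP entries and local accounts whose uidNumber belongs to a different login in LDAP. The host names, DNs and logins are made up.

```python
from collections import defaultdict

# Constructed sample: the local user's /etc/passwd line on two workstations.
LOCAL_PASSWD = {
    "pc-alice": "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n",
    "pc-bob": "bob:x:1000:1000:Bob:/home/bob:/bin/bash\n",
}
# Constructed LDIF dump of RFC 2307 posixAccount entries (ldapsearch -LLL style).
LDAP_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: alice
uidNumber: 1000

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: bob
uidNumber: 1001

dn: uid=carol,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: carol
uidNumber: 1001
"""

def parse_passwd(text):
    """passwd(5) text -> {uidNumber: login}; blank and comment lines skipped."""
    rows = [ln.split(":") for ln in text.splitlines() if ln and not ln.startswith("#")]
    return {int(f[2]): f[0] for f in rows}

def parse_ldif(text):
    """LDIF -> {uidNumber: set of uid values}; entries are blank-line separated."""
    out = defaultdict(set)
    for entry in text.strip().split("\n\n"):
        attrs = dict(ln.split(": ", 1) for ln in entry.splitlines() if ": " in ln)
        if "uidNumber" in attrs and "uid" in attrs:
            out[int(attrs["uidNumber"])].add(attrs["uid"])
    return out

def ldap_duplicates(ldap):
    """uidNumbers assigned to more than one LDAP entry (the non-unique case)."""
    return {n: sorted(u) for n, u in ldap.items() if len(u) > 1}

def local_collisions(local_by_host, ldap):
    """(host, uidNumber, local login, LDAP logins) where a host's local uidNumber
    belongs to a different login in LDAP, so each would own the other's files."""
    return [(host, n, login, sorted(ldap.get(n, set()) - {login}))
            for host, text in local_by_host.items()
            for n, login in parse_passwd(text).items()
            if ldap.get(n, set()) - {login}]
```

In practice the inputs would be each host's /etc/passwd and an `ldapsearch -LLL '(objectClass=posixAccount)' uid uidNumber` dump; every hit is a home directory that needs renumbering followed by the chown Noven mentions.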