Chris wrote:
I've toyed with LDAP accounts before to get them to work. But now I'm going to put it into production.

I'm wondering though about user and group management. When ports are installed on individual servers, users and groups are sometimes added for daemons. It would be nice to receive notification and possibly block and/or redirect actions to appropriate scripts and the LDAP server.

Are there any ports or mechanisms for hooking into the scripts and programs that handle account modification (chpass, adduser and pw) or does everyone typically do this sort of thing by hand?

For the user and groups set up when installing from the ports -- unfortunately no. Each port that needs to set up a UID/GID will have its own pkg-install script to do the work. These are all written separately for each port that needs one -- no common code libraries etc. other than cut'n'paste from some other port. These are generally wrappers around pw(8) and have no facility for switching to some other program to generate accounts.

I believe though that while pw(8) can only update text format files such as /etc/master.passwd or /etc/group it will report all of the UIDs or GIDs known to the system from whatever authentication databases you are hooked up to. So if you create appropriate UIDs and GIDs in LDAP before trying to install the port, you shouldn't end up with a second local account with the same credentials.

Also note that you will likely have boot-order problems: you'll need to ensure that your system is up and on the network and resolving the user information with whatever network-based service you're using before any of the daemons that run as those UIDs are started.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
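
Added example, not part of the original thread: a small sh audit that reports service accounts defined both locally and in the directory, the situation the reply suggests avoiding by creating the UIDs and GIDs in LDAP first. It assumes the directory's accounts have already been exported to a passwd(5)-format file (how is site-specific); `audit_accounts` and `sample_run` are hypothetical names, and the sample entries are constructed.

```shell
#!/bin/sh
# audit_accounts LOCAL DIRECTORY
# Both arguments are passwd(5)-format files (name:pw:uid:gid:...).
# Prints one finding per local entry, in local-file order:
#   DUPLICATE name local_uid dir_uid   same login defined in both sources
#   UIDCLASH  uid local_name dir_name  same UID, different login
audit_accounts() {
    # src is switched between the two file arguments, so an empty
    # directory export cannot be mistaken for the local file.
    awk -F: '
        /^#/ || NF < 3 { next }                      # comments, malformed lines
        src == "dir"   { dir_uid[$1] = $3; dir_name[$3] = $1; next }
        ($1 in dir_uid)  { printf "DUPLICATE %s %s %s\n", $1, $3, dir_uid[$1]; next }
        ($3 in dir_name) { printf "UIDCLASH %s %s %s\n", $3, $1, dir_name[$3] }
    ' src=dir "$2" src=local "$1"
}

# Runs the audit over constructed sample data (not from any real system).
sample_run() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/local" <<'EOF'
# local accounts, as a port's install script might leave them
root:*:0:0:Charlie &:/root:/bin/csh
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
mysql:*:88:88:MySQL Daemon:/var/db/mysql:/usr/sbin/nologin
backup:*:1001:1001:Local backup:/home/backup:/bin/sh
EOF
    cat > "$tmp/dir" <<'EOF'
mysql:*:88:88:MySQL Daemon:/var/db/mysql:/usr/sbin/nologin
chris:*:1001:1001:Chris:/home/chris:/bin/sh
www:*:8080:8080:Web:/nonexistent:/usr/sbin/nologin
EOF
    audit_accounts "$tmp/local" "$tmp/dir"
    rm -rf "$tmp"
}
```

A DUPLICATE line with differing UIDs (here `www`) is the case to fix first, since file ownership then depends on which source answers the lookup.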