On Sun, Dec 13, 2015 at 10:03 AM, Alexey Shvetsov <[email protected]> wrote:
> Hi all!
>
> We are trying to use ldap for users @work, many of our workstations running
> binary gentoo based distro called Calculate linux. However if we wanna have
> wide use of ldap there is a need for deterministic system group gids names
> and user uids.
>
> Many ebuilds in tree use enewgroup and enewuser with -1 (aka next
> available parameter)[1]. However it will be much better to set distro wide
> deterministic uid and gid for system service name. So for example ldap
> users may have deterministic groups like video, audio, plugdev, etc..
>
So the first question I normally ask here is:

1) Why do you need deterministic uid / gid's?
2) If you do need deterministic uid / gid's, I would recommend storing them
all in the same place.
For example, you typically want a deterministic UID for a user. To
accomplish this, you add that user to LDAP, give them a UID in LDAP, and
then either add LDAP to nsswitch or use something like nsscache to sync
the ldap UID's into the local system.
3) If you need deterministic GID's I would recommend storing them all in
LDAP and syncing the group memberships locally.

I never understood why people would think the distro should handle unique
gid / uids. Plus you usually end up running:

1) More than one distro.
2) More than one 'flavor' of a single distro where for whatever reason, uid
and gid decisions differed (they renumbered, etc.)

So if you want a consistent GID for a group, store the group name and gid
in ldap and sync it; do not rely on your distro to do it. IMHO doing so is
a design error.

-A
>
> [1] $ egrep '(enewgroup|enewuser)' * -R | awk -F '/' '{print $1 "/" $2}' |
> grep -v eclass | sort -u | wc -l
> 443
> So there are not so many gids/uids needed
>
> --
> Best Regards,
> Alexey 'Alexxy' Shvetsov
> Best Regards,
> Alexey 'Alexxy' Shvetsov, PhD
> Department of Molecular and Radiation Biophysics
> FSBI Petersburg Nuclear Physics Institute, NRC Kurchatov Institute,
> Leningrad region, Gatchina, Russia
> Gentoo Team Ru
> Gentoo Linux Dev
> mailto:[email protected]
> mailto:[email protected]
> mailto:[email protected]
>
>
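
Added example, not part of the original thread: a small audit for the drift discussed above, where a host's local group file disagrees with the gids held in the directory. It assumes both sides are available as text in group(5) format (name:passwd:gid:members); the group names, gids and members below are constructed sample data, and the function names are hypothetical.

```python
"""Compare a host's local group entries with the directory's canonical map."""

# Constructed sample data; names and gids are illustrative only.
DIRECTORY_GROUPS = """\
video:*:27:alice,bob
audio:*:18:alice
plugdev:*:440:bob
"""

LOCAL_GROUPS = """\
root:x:0:
audio:x:18:
video:x:440:
cdrom:x:27:
"""


def parse_group(text):
    """Parse group(5) lines (name:passwd:gid:members) into {name: gid}."""
    groups = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            raise ValueError(f"line {lineno}: malformed group entry {line!r}")
        groups[fields[0]] = int(fields[2])
    return groups


def audit(directory, local):
    """Return sorted findings where the local file disagrees with the directory."""
    findings = []
    gid_owner = {gid: name for name, gid in directory.items()}
    for name, gid in local.items():
        if name in directory and directory[name] != gid:
            findings.append(("gid-mismatch", name, gid, directory[name]))
        owner = gid_owner.get(gid)
        if owner is not None and owner != name:
            # Files owned by this gid resolve to a different group name on
            # hosts that follow the directory, so access rights differ per host.
            findings.append(("gid-collision", name, gid, owner))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_group(DIRECTORY_GROUPS), parse_group(LOCAL_GROUPS)):
        print(*finding)
```

Local-only groups such as root are not reported unless their gid is already assigned to a different name in the directory.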