On 1/10/11 5:50 PM, David Stuart wrote:
> Afternoon,
>
> New admin here.
>
> I am configuring a SLES 11 SP 1 system.
>
> LDAP has been mentioned for authenticating users. I can't seem to find
> anything in the manuals, but may very well be looking in the wrong places.
>
> Is it possible to have a mix of both LDAP-authenticated and
> locally-authenticated users on the same Linux system?
>
> The LDAP Server that would be accessed is either a Windows Active Directory
> or a Novell Meta-Directory Server. I'm not sure which is actually being used
> today.
>
>
> Thanks,
> Dave

Should be no problem at all. Both our SLES and RHEL boxes use LDAP, and have a few local accounts. The split we make is to have application accounts (e.g. oracle, apache, etc) and other accounts that have no password local and real people's accounts on LDAP. There are a very few exceptions, but this works pretty well for us overall.

Make sure that whatever LDAP service you are using has the Posix attributes added to your accounts (objectclass posixAccount mostly) and pre-populated. Also make sure that you have no uid/gid conflicts in LDAP or between LDAP and local accounts. I recommend allocating uid's in LDAP by a program for consistency, and starting somewhere up high enough that there's no worries of conflict (2 million or so works well).

You may also want some mechanism to provision specific users from LDAP to specific servers, depending on the size of your shop. At least in our environment we don't want to automatically allow every single employee access to all servers. We use the optional filters on service search descriptors for this (the 5th field of nss_base_passwd and nss_base_user attributes).

Good luck! Feel free to contact me offlist if you'd like more specific advice.

--
Pat

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
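
An added example, not part of the original thread: one way to check for the uid/gid conflicts the reply warns about, and to confirm LDAP ids sit above the suggested floor of about 2 million. It assumes the LDAP accounts have been exported to passwd(5) or group(5) format; the function names and all sample accounts are constructed for illustration.

```python
from collections import defaultdict

LDAP_ID_FLOOR = 2_000_000  # assumption: "2 million or so", as suggested in the reply

def parse_ids(text, source):
    """Parse passwd(5) or group(5) lines; the numeric id is field 3 in both."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat entries (+/-).
        if not line or line.startswith(("#", "+", "-")):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # malformed line: skip rather than guess an id
        entries.append((fields[0], int(fields[2]), source))
    return entries

def find_conflicts(local, ldap, floor=LDAP_ID_FLOOR):
    """Report ids shared by different names, and LDAP ids below the floor."""
    problems = []
    by_id = defaultdict(set)
    for name, num, source in local + ldap:
        by_id[num].add((name, source))
    for num, owners in sorted(by_id.items()):
        # Same id under two different names, within LDAP or across LDAP and local.
        if len({name for name, _ in owners}) > 1:
            problems.append(("duplicate-id", num, sorted(owners)))
    for name, num, _ in ldap:
        if num < floor:
            problems.append(("below-floor", num, [(name, "ldap")]))
    return problems

# Constructed sample data: local application accounts and an LDAP export.
LOCAL_PASSWD = """root:x:0:0:root:/root:/bin/bash
apache:x:48:48::/var/www:/sbin/nologin
oracle:x:1001:1001::/home/oracle:/bin/bash
"""
LDAP_PASSWD = """alice:x:2000001:2000001:Alice:/home/alice:/bin/bash
bob:x:2000002:2000002:Bob:/home/bob:/bin/bash
carol:x:1001:100:Carol:/home/carol:/bin/bash
erin:x:2000002:2000004:Erin:/home/erin:/bin/bash
"""

if __name__ == "__main__":
    found = find_conflicts(parse_ids(LOCAL_PASSWD, "local"),
                           parse_ids(LDAP_PASSWD, "ldap"))
    for kind, num, owners in found:
        print(f"{kind}: id {num} -> {owners}")
```

The same two functions work on group files, since the gid is also the third colon-separated field there.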
