Take a look at pam ldap cache

-nick

On Fri, Sep 21, 2012 at 9:39 AM, David Filion <[email protected]> wrote:
> Hi all,
>
> I'm in the process of cleaning up the users and groups on our RHEL/CentOS
> servers, the end goal being to centralize the information in an LDAP
> directory.
>
> Where I'm not sure how to proceed is where to place system accounts and
> groups.
>
> Let's take Oracle as an example. It requires the following:
>
> - A user "oracle" w/group "oinstall". This account owns the files on disk.
> - Group "dba", DBA user group
> - Group "oper", not so DBA user group
>
> What I'm unsure of is where to put them.
>
> - Do I create them on the server then have to perform local updates to the
> group members as people come and go?
>
> - Do I put them in the directory and hope it doesn't go down*.
>
> - Do I go 50/50. Create oracle/oinstall locally but put the dba and oper
> groups in the directory. (This seems like the winning choice.)
>
>
> *It's redundant, and shouldn't go down. But never say never.
>
> To add more ingredients to the pot, I'm using Puppet to set up new servers
> which can, and usually does, get confused when having local and centralized
> groups.
>
> Ideas, comments?
> _______________________________________________
> mlug mailing list
> [email protected]
> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
