>>> "Michael Ströder" <[email protected]> schrieb am 16.10.2013 um 11:46 in Nachricht <[email protected]>: > On Wed, 16 Oct 2013 11:19:07 +0200 "Ulrich Windl" > <[email protected]> wrote >> I realized that in SLES11 SP2 the YaST user management module does recreate
> a >> group (instead of modifying it) when you add a user to the particular group. >> I wonder what the consequences could be (despite of the unnecessary deltas >> being created). Did anybody else notice this, or even had some negative >> experience caused by that, escpecially for groups with many members? > > If yast2 is really deletes/adds the whole group entry or even all the > 'member' > values I'd simply recommend to use decent LDAP admin tools. The EntryUUID changes, that says all, right ;-) > > Obviously it does not scale for large group entries and even could cause > some > security headache regarding concurrent group administration. > > IIRC a very early version of MMC in W2K also rewrote all 'member' > values...don't remember the CVE though. > > Ciao, Michael.
