----- Original Message ----- From: "Mike Brady" <[EMAIL PROTECTED]> To: "Eddie Lania" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Saturday, September 28, 2002 10:20 PM Subject: Re: Groups in ldap and /etc/group?
> Eddie > > The answer to this really depends on what it is that you are trying to do and > how you want to manage your site. Which comes back to people and processes > more than anything else. Strictly speaking Samba use of LDAP and Unix use of > LDAP for user account data have absolutely nothing to do with one another. > For instance, you could quite easily have Samba data in LDAP and Unix data in > NIS. The tie between the two for users is the username and for groups is the > group_mapping.tdb file. > > The smbldap-tools (we are talking about he Idealx tools right?) assume that a > solution design decision has been made to store both Unix and Samba user > account data in LDAP and do what is necessary to support this. > > If then you are trying to do things the Idealx way (and I currently am) and > use the smbldap-tools package, then you are correct, in that existing Unix > users in /etc/passwd who also need to use Samba will need to have their Unix > account data moved to LDAP. I haven't needed to look at doing this myself, > but here are a couple of ideas. > > 1) Create the user with smbldap-useradd and then use something else to change > the uidNumber attribute (and what ever alse needs changing) to the current > /etc/passwd values. If you are just testing a few users, use an LDAP browser > to do it by hand. I use gq. If you are looking at a lot of users write a > script to do it. Delete the user from passwd, shadow and group files as > required when you are ready. Ok, but what about the user his/her group that normally is the same number as his/her uid? Would that then be permanently changed to a Domain Group? Or should the group also be moved from /etc/group to ldap? Is it wise to change a unix user his/her group to a different group? (At this moment I wouldn't know why this should not be possible, but maybe anyone else has a good reason?) Eddie.
