[Fedora-directory-users] Import POSIX Users
Dan Hawker
danhawker at wessexmc.org.uk
Thu Apr 27 12:42:26 UTC 2006
Hi All,
Have my test FDS 1.0.2 server up and running and touch wood, it seems to
be working well.
Am slightly confused about something that is pretty simple, just need some
clarification.
I am planning on migrating my users from having a username stored on every
server (around 10 or so) to having a central directory. Hence my install
of FDS. I have been testing the PADL migration tools to migrate my users.
One thing I have noticed is that when you import a user (or group) via
this mechanism there are a few attributes that are either not used or are
added. For instance if you look at groups...
A standard FDS *group* is a groupofuniquenames, whereas an imported group
is a posixgroup. Logical enough. The only real difference in simple terms
(that I can see) is that the posix one has a couple of extra attributes
such as groupid and memberUid, and the groupofuniquenames has an
additional description attribute.
What I am noticing however is that when adding users to groups that is a
*groupofuniquenames* you get to use the simple, easy-to-use dialogue,
whereas with the *posixgroup* you get the advanced dialogue. This is fine,
they are both easy to use. However when adding a new user (via the
console) you add a regular user. This can have posix attributes added (as
per the posix user tab) which is great. However I have noticed that
posixusers are not recognised as *users* when searching from the console
(say to add ppl to a group), hence you cannot use the usual add member to
a group if the user is a posixuser.
Also I wondered what happens when you add aforementioned regular user to a
non-posix group. How does FDS (or indeed the posix based machine that is
asking for the info, understand if the user is a member of that group and
hence allow access to the resource???
So...
Am I missing something simple???
is this the nature of LDAP (or the way the interface works)???
should I *filter* my LDIF a bit more and edit it to suit *standard user &
groups* (will this work OK)???
should I just use posix users & groups (within FDS)???
is there a way of adding attributes to existing objectClasses to add the
additional attributes???
TIA
Dan
More information about the Fedora-directory-users
mailing list