[K12OSN] same name for local and ldap users

Craig White craig at tobyhouse.com
Fri Oct 12 20:27:53 UTC 2007


On Fri, 2007-10-12 at 15:40 -0400, Rob Owens wrote:
> On Fri, Oct 12, 2007 at 12:26:14PM -0700, Craig White wrote:
> > On Fri, 2007-10-12 at 15:15 -0400, Rob Owens wrote:
> > > After installing ldap using the smbldap-installer, I have noticed that I am able to create ldap users with the same username as my local (/etc/passwd) users.  The local user and the ldap user can have different passwords, but seem to have access to the same files based on their username.  I'm not sure if this is a bug or a feature.  If it's a feature I'd like to use it on my laptop, so I can log in with the same username and have access to all my local whether I'm "on the network" or not.
> > > 
> > > So does anybody know if it is recommended/acceptable to do what I'm talking about?
> > ----
> > Not recommended...each user would likely have different uid/gid's and
> > there would be an element of unpredictability. Overlapping uid's/gid's
> > would break security.
> > 
> 
> Thanks Craig.  I recall seeing your post arguing against having a root account in ldap for the same reasons.
> 
> With regards to my laptop, how can I ensure if I save something to the local hard drive as my ldap user that my local user can access it (for when I'm on the road)?  Group access wouldn't seem to work since the ldap group would be unknown to the local machine if no ldap authentication has occurred.
----
I guess I am a bit confused... a local user would normally have his home
directory in /home/$USER - I always put LDAP users $HOME directories in
an nfs mount - i.e. /home/storage/users/$USER and that NFS mount
wouldn't be available if not connected to the network.

If the LDAP user and the local user were going to try to use the same
$HOME directory, you might as well assign them to the same uid - but I
can tell you that I haven't considered the impact of the methodology
other than it is a single machine philosophy.

-- 
Craig White <craig at tobyhouse.com>
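The uid mismatch and overlap raised in this thread can be checked by comparing the local and directory account lists. The following is an added example, not part of the original messages: the function name `find_conflicts`, the finding labels, and the sample accounts are constructed for illustration, and the `ldap` service name in the comment assumes nss_ldap.

```shell
#!/bin/sh
# Added example: report username/uid conflicts between two passwd(5)-format
# listings. On a live system the inputs could come from
#   getent -s files passwd   and   getent -s ldap passwd
# (service name "ldap" is an assumption; it depends on the NSS module in use).

# find_conflicts LOCAL_FILE LDAP_FILE prints one line per finding:
#   NAME_UID_MISMATCH name local_uid ldap_uid   same name, different uid
#   NAME_SHADOWED     name uid                  same name, same uid
#   UID_SHARED        uid local_name ldap_name  different names, same uid
find_conflicts() {
    awk -F: '
        /^#/ || NF < 3 { next }                            # skip comments/junk
        NR == FNR { luid[$1] = $3; lname[$3] = $1; next }  # first file: local
        ($1 in luid) && luid[$1] != $3 {
            # Files are owned by numeric uid, so these are two different owners
            # and the name resolves to whichever source nsswitch.conf lists first.
            print "NAME_UID_MISMATCH", $1, luid[$1], $3; next
        }
        ($1 in luid)  { print "NAME_SHADOWED", $1, $3; next }
        # A directory account landing on a local uid owns that local user files.
        ($3 in lname) { print "UID_SHARED", $3, lname[$3], $1 }
    ' "$1" "$2"
}

# Constructed sample data (not taken from the thread).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
rob:x:500:500:Rob (local):/home/rob:/bin/bash
backup:x:501:501::/home/backup:/bin/bash
EOF
    cat > "$tmp/ldap" <<'EOF'
rob:x:1000:513:Rob (ldap):/home/storage/users/rob:/bin/bash
alice:x:501:513:Alice:/home/storage/users/alice:/bin/bash
carol:x:1002:513:Carol:/home/storage/users/carol:/bin/bash
EOF
    find_conflicts "$tmp/local" "$tmp/ldap"
    rm -rf "$tmp"
}

demo
```
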



