[K12OSN] same name for local and ldap users

Rob Owens rowens at ptd.net
Fri Oct 12 20:48:11 UTC 2007


On Fri, Oct 12, 2007 at 01:27:53PM -0700, Craig White wrote:
> On Fri, 2007-10-12 at 15:40 -0400, Rob Owens wrote:
> > On Fri, Oct 12, 2007 at 12:26:14PM -0700, Craig White wrote:
> > > On Fri, 2007-10-12 at 15:15 -0400, Rob Owens wrote:
> > > > After installing ldap using the smbldap-installer, I have noticed that I am able to create ldap users with the same username as my local (/etc/passwd) users.  The local user and the ldap user can have different passwords, but seem to have access to the same files based on their username.  I'm not sure if this is a bug or a feature.  If it's a feature I'd like to use it on my laptop, so I can log in with the same username and have access to all my local whether I'm "on the network" or not.
> > > > 
> > > > So does anybody know if it is recommended/acceptable to do what I'm talking about?
> > > ----
> > > Not recommended...each user would likely have different uid/gid's and
> > > there would be an element of unpredictability. Overlapping uid's/gid's
> > > would break security.
> > > 
> > 
> > Thanks Craig.  I recall seeing your post arguing against having a root account in ldap for the same reasons.
> > 
> > With regard to my laptop, how can I ensure if I save something to the local hard drive as my ldap user that my local user can access it (for when I'm on the road)?  Group access wouldn't seem to work since the ldap group would be unknown to the local machine if no ldap authentication has occurred.
> ----
> I guess I am a bit confused... a local user would normally have his home
> directory in /home/$USER - I always put LDAP users $HOME directories in
> an nfs mount - i.e. /home/storage/users/$USER and that NFS mount
> wouldn't be available if not connected to the network.
> 
> If the LDAP user and the local user were going to try to use the same
> $HOME directory, you might as well assign them to the same uid - but I
> can tell you that I haven't considered the impact of the methodology
> other than it is a single machine philosophy.
> 

For all wire-networked computers, /home would be on an NFS share.  But for the laptop, I can't do that because it makes the laptop useless off of the network.  So I'll have a local /home and an NFS-mounted /mnt/otherhome.  At least that is my plan.  

Currently I do something similar using sshfs to mount "otherhome".  Most stuff gets saved in the sshfs-mounted "otherhome", but if I know I'll need something when I'm on the road I'll copy or move it to the local /home.

Again, my issue is how do I make sure that my local "on the road" user can access files that he saved to local /home while he was authenticated using ldap.

Thanks for your help.

-Rob
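
Added example, not part of the original message: files are owned by numeric uid/gid rather than by username, so the overlap discussed in this thread can be audited by comparing the local and LDAP account lists. The function name, the report tags and the sample accounts are constructed for illustration; on a live system the LDAP list could come from `getent -s ldap passwd`, assuming the NSS `ldap` service is configured.

```shell
#!/bin/sh
# Compare two passwd(5)-format files (name:passwd:uid:gid:...) and report:
#   NAME_CLASH  same username, different uid or gid in the two sources
#   SAME_ID     same username with identical uid and gid
#   UID_CLASH   same uid used by different usernames
audit_passwd_collisions() {
    awk -F: '
        # Skip comments, NIS compat entries and short lines.
        /^[#+-]/ || NF < 4 { next }
        # First file (local accounts): build lookup tables.
        FILENAME == ARGV[1] {
            luid[$1] = $3; lgid[$1] = $4; lname[$3] = $1
            next
        }
        # Second file (LDAP accounts): same name as a local account?
        ($1 in luid) {
            tag = (luid[$1] == $3 && lgid[$1] == $4) ? "SAME_ID" : "NAME_CLASH"
            printf "%s %s local=%s:%s ldap=%s:%s\n", tag, $1, luid[$1], lgid[$1], $3, $4
        }
        # Same uid as a local account that has a different name?
        ($3 in lname) && lname[$3] != $1 {
            printf "UID_CLASH uid=%s local=%s ldap=%s\n", $3, lname[$3], $1
        }
    ' "$1" "$2"
}

# Constructed sample data; not taken from any real system.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:500:Alice (local):/home/alice:/bin/bash
EOF
    cat > "$tmp/ldap" <<'EOF'
alice:x:10001:513:Alice (LDAP):/home/alice:/bin/bash
bob:x:500:513:Bob (LDAP):/home/bob:/bin/bash
root:x:0:0:root in LDAP:/root:/bin/bash
EOF
    audit_passwd_collisions "$tmp/local" "$tmp/ldap"
    rm -rf "$tmp"
}

demo
```

A `NAME_CLASH` line marks an account whose files would change hands depending on which source resolves the name first; a `UID_CLASH` line marks two different people whose files the kernel cannot tell apart.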



