Date:      Tue, 02 Sep 2008 06:36:24 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Chris <christopher-ml@telting.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: LDAP and Account Management
Message-ID:  <48BCD0D8.7070309@infracaninophile.co.uk>
In-Reply-To: <48BC5F97.1000809@telting.org>
References:  <48BC5F97.1000809@telting.org>

Chris wrote:
> I've toyed with LDAP accounts before to get them to work.  But now I'm
> going to put it into production.
>
> I'm wondering though about user and group management.  When ports are
> installed on individual servers, users and groups are sometimes added
> for daemons.  It would be nice to receive notification and possibly
> block and/or redirect actions to appropriate scripts and the LDAP server.
>
> Are there any ports or mechanisms for hooking into the scripts and
> programs that handle account modification (chpass, adduser and pw) or
> does everyone typically do this sort of thing by hand?

For the user and groups set up when installing from the ports --
unfortunately no.  Each port that needs to set up a UID/GID will
have its own pkg-install script to do the work.  These are all written
separately for each port that needs one -- no common code libraries etc.
other than cut'n'paste from some other port.  These are generally
wrappers around pw(8) and have no facility for switching to some other
program to generate accounts.

I believe though that while pw(8) can only update text format files
such as /etc/master.passwd or /etc/group it will report all of the
UIDs or GIDs known to the system from whatever authentication databases
you are hooked up to.  So if you create appropriate UIDs and GIDs in LDAP
before trying to install the port, you shouldn't end up with a second
local account with the same credentials.

Also note that you will likely have boot-order problems: you'll need
to ensure that your system is up and on the network and resolving the
user information with whatever network based service you're using before
any of the daemons that run as those UIDs are started.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
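As an added illustration of the pre-install check Matthew describes (this is not part of the original message or of any port's pkg-install script): a POSIX sh script that asks getent(1), which consults every source listed in /etc/nsswitch.conf and therefore sees LDAP-backed entries that a grep of /etc/master.passwd would miss, whether the name and numeric id a port will hand to pw(8) are already known, and whether they agree with each other. The sample passwd lines are constructed, and the preinstall_check function, its exit codes and the status labels are my own convention.

```shell
#!/bin/sh
# Added example: check a port's reserved user/group against every
# account database the system knows about before pkg-install runs pw(8).
# Run as:  sh precheck.sh NAME UID GID   (e.g. sh precheck.sh www 80 80)

# Constructed sample in passwd(5) format, standing in for the output of
# "getent passwd" on a host whose nsswitch.conf includes an LDAP source.
# (ldapuser is the kind of entry that lives only in the directory.)
SAMPLE_PASSWD='root:*:0:0:Charlie &:/root:/bin/sh
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
ldapuser:*:5000:5000:LDAP test user:/home/ldapuser:/bin/sh'

# id_status NAME ID
# Reads passwd(5)- or group(5)-format lines on stdin (field 1 is the name,
# field 3 the numeric id in both formats) and prints one word:
#   ok                  name exists and already has the expected id
#   missing             neither the name nor the id is known anywhere
#   id-conflict:OTHER   the id is already taken by account OTHER
#   name-conflict:N     the name exists but with a different id N
id_status() {
    awk -F: -v want_name="$1" -v want_id="$2" '
        $1 == want_name { have_name = 1; name_id = $3 }
        $3 == want_id   { have_id = 1;   id_name = $1 }
        END {
            if (have_name && name_id == want_id) print "ok"
            else if (!have_name && !have_id)     print "missing"
            else if (have_id)                    print "id-conflict:" id_name
            else                                 print "name-conflict:" name_id
        }'
}

# preinstall_check NAME UID GID
# Queries the live system through getent(1) so that entries served by
# LDAP (or NIS, or anything else in nsswitch.conf) are counted.
# Exit status: 0 = both exist and match, the port's pkg-install will find
# them and not create a second local copy; 1 = something is missing, so
# create it in LDAP first; 2 = a numeric id is already owned by a
# different name, so pick another id before installing.
preinstall_check() {
    u=$(getent passwd | id_status "$1" "$2")
    g=$(getent group  | id_status "$1" "$3")
    echo "user  $1 uid $2: $u"
    echo "group $1 gid $3: $g"
    case "$u $g" in
        *conflict*) return 2 ;;
        *missing*)  return 1 ;;
        *)          return 0 ;;
    esac
}

# Only act when invoked with arguments; sourcing the file defines the
# functions without touching the system.
if [ -n "${1-}" ]; then
    preinstall_check "$@"
fi
```

Running it against the constructed sample, `id_status www 80` reports ok, `id_status jabber 93` reports missing, and `id_status jabber 5000` reports id-conflict:ldapuser, which is exactly the case Matthew warns about: the number is free in /etc/master.passwd but not in the directory, and pw(8) would only notice if it is asked through the same nsswitch path.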