fedora-directory-users-request@xxxxxxxxxx wrote:
Date: Tue, 10 Jan 2006 22:32:53 +0200
From: Mike Jackson <mj@xxxxxx>
Subject: Re: posixGroup location best practices
Susan wrote:
Hi. Quick question, where in the tree do I stick posixGroups?
For now, I'll be authenticating Linux machines only, so every uid=gid. Should I create an OU
called Groups or something and put all the groups in there? Or have a uid under gid or what? How
do you guys do it?
Sure, just create some OU entry and put the group entries under that.
That's the usual way. The reason for grouping them together is in case
you want to restrict your search base, for efficiency and performance -
not that it matters much in small setups.
For people migrating from traditional passwd and group databases it does
make sense to keep them colocated in the directory as well. And because
users and groups represent two different namespaces in Unix, it is
essential to keep them separate in the directory (ou=users and
ou=groups). (Contrast this with Microsoft, where users and groups all
reside in the same namespace. Very annoying.)
Date: Tue, 10 Jan 2006 21:58:07 +0100
From: Jo De Troy <jo.de.troy@xxxxxxxxx>
Subject: Re: password history question
Susan,
I thought I needed the cacert line in /etc/openldap/ldap.conf to point the
ldap client to the CA cert we trust, otherwise we might not trust the
server certificate being signed by the CA.
Thanks again,
Jo
That's correct, you always need the CA cert on all of the servers and
clients. (Unless you're using anonymous cipher suites, in which case you
don't need any certs at all. But that's pretty reckless.)
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
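
The following is an added example, not part of the original thread: a small Python audit of the client-side points discussed above (the CA cert line in /etc/openldap/ldap.conf and anonymous cipher suites). It assumes OpenLDAP's ldap.conf option names and OpenSSL-style cipher strings; the sample configs, host name and CA path are constructed, and the cipher check is a heuristic that only catches explicitly named anonymous suites.

```python
import re

# OpenSSL-style tokens that select anonymous (unauthenticated) key exchange.
ANON = {"ANULL", "ADH", "AECDH"}

def audit_ldap_conf(text):
    """Return a list of TLS trust findings for the body of an ldap.conf file."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Option names are case-insensitive, so normalise them.
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    findings = []
    if not (opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR")):
        findings.append("no TLS_CACERT or TLS_CACERTDIR: client has no CA "
                        "to verify the server certificate against")
    reqcert = opts.get("TLS_REQCERT", "demand").lower()  # demand is the client default
    if reqcert in ("never", "allow"):
        findings.append(f"TLS_REQCERT {reqcert}: a bad or untrusted server "
                        "certificate is not rejected")
    for token in re.split(r"[:, ]+", opts.get("TLS_CIPHER_SUITE", "")):
        # Tokens prefixed with ! - or + do not add suites to the list.
        if (token and token[0] not in "!-+"
                and re.split(r"[-+]", token)[0].upper() in ANON):
            findings.append(f"TLS_CIPHER_SUITE enables anonymous suite "
                            f"'{token}': no certificate is checked at all")
    return findings

# Constructed sample: no CA configured, verification off, anonymous suite allowed.
WEAK_CONF = """\
URI ldaps://ldap.example.com
TLS_REQCERT never
TLS_CIPHER_SUITE HIGH:ADH-AES256-SHA
"""

# Constructed sample: CA configured, verification enforced, anonymous suites excluded.
GOOD_CONF = """\
URI ldaps://ldap.example.com
tls_cacert /etc/openldap/cacert.pem
TLS_REQCERT demand
TLS_CIPHER_SUITE HIGH:!aNULL:!eNULL
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("good", GOOD_CONF)):
        print(name, audit_ldap_conf(conf) or "no findings")
```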