Perhaps some of you have gone down this path before and can offer some helpful suggestions.

I need to convert a group of servers to LDAP authentication. Most of the user accounts on these systems have consistent uids and gids across all the servers. There are a few exceptions but the people who need to access the servers on a daily basis should all have the same account uid on every machine.

My questions are:

1. Can you disable local authentication for all users except root once LDAP authentication is in place?

2. If there are some users who only need access to a small number of servers, how would you handle that situation?

3. When adding new users, do you create them a private group to avoid this error?

   id: cannot find name for group ID 5001

Any other tips, tricks, or gotchas are most welcome!

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users