[Fedora-directory-users] WindowSync and Netgroups: Where to add netgroup attributes?
Kenneth Holter
kenneho.ndu at gmail.com
Mon Jan 5 14:49:38 UTC 2009
Hi.
We're planning on using netgroups to control user access to the different
servers within our organization, and the netgroups will be populated based
on group memberships on the AD-side (we'll use WindowsSync to sync groups
from AD to DS). The basic idea is this:
- Sync AD-group entry "group1" over to DS-group entry "group1". This is
done automatically with WindowsSync.
- Populate netgroup entry "netgroup1" based on DS-group entry "group1".
Alternately, add "netGroup" object class to DS-group entry.
- Configure clients to use netgroup based authentication.
A script will be created to manage netgroup membership dynamically, but
creation of netgroups will probably be done manually.
Anyway, we need to decide on whether to have a separate netgroup entry and
populate netgroup attributes here, or if we should simply add
netgroup attributes to the DS-group itself. I believe that both options will
work just fine, but would like to hear from others who may have implemented
a similar scheme. Maybe there are some pitfalls that we should be aware of.
Regards,
Kenneth Holter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20090105/b883828c/attachment.html>
More information about the 389-users
mailing list