[389-users] Migrating to LDAP authentication

Sean Carolan scarolan at gmail.com
Tue Feb 2 14:01:15 UTC 2010


Perhaps some of you have gone down this path before and can offer some
helpful suggestions.  I need to convert a group of servers to LDAP
authentication.  Most of the user accounts on these systems have
consistent uids and gids across all the servers.  There are a few
exceptions but the people who need to access the servers on a daily
basis should all have the same account uid on every machine.

My questions are:

1.  Can you disable local authentication for all users except root
once LDAP authentication is in place?

2.  If there are some users who only need access to a small number of
servers, how would you handle that situation?

3.  When adding new users, do you create them a private group to avoid
this error?
id: cannot find name for group ID 5001

Any other tips, tricks, or gotchas are most welcome!



More information about the 389-users mailing list