OpenLDAP

For a few years, we used OpenLDAP, but nothing really depended on it. We could have integrated it better with Kerberos and done a few interesting things with it, but its worth proved marginal and the volunteer interested in it moved onto other things. We currently don't have GECOS info available for AFS users in a form that UNIX services can use; for that reason alone we might want to use LDAP in the future.

For history:

We use LDAP as a members' information directory to be looked up by hand; no services consult it.

For serving user metadata, we use libnss-afs, which pulls that information from the AFS PTS database. However, the PTS is not really intended for this, so it doesn't provide space for users' supplementary Unix groups, GECOS fields, etc.

So we keep this information (real names, primarily, but UID/GID etc. as well) in LDAP, although only members' real names are ever looked up there. The "finger" command has been hacked slightly to obtain all info from AFS PTS, then query LDAP for the real name, and then display the results in an integrated "finger" output.
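
The lookup order described above (PTS first, then LDAP for the real name), sketched as an added example; this is not HCoop's actual finger patch. It assumes the LDAP entry is found by `uid` and carries the real name in `cn`, that the PTS text has the shape `pts examine` prints, and that the LDIF comes from an `ldapsearch -LLL` style query; all sample data is constructed. Because finger takes the username from its caller, the filter value is escaped per RFC 4515 before it is used.

```python
import base64
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def ldap_filter_for(username):
    """Build (uid=<username>) so the input cannot change the filter's shape."""
    # 'uid' as the lookup attribute is an assumption about the directory schema.
    return "(uid=" + "".join(_ESC.get(ch, ch) for ch in username) + ")"

def parse_pts(text):
    """Pull login name and numeric id out of `pts examine`-style output."""
    m = re.search(r"Name:\s*([^,]+),\s*id:\s*(-?\d+)", text)
    if not m:
        raise ValueError("unrecognised PTS output")
    return {"login": m.group(1), "uid": int(m.group(2))}

def ldif_attr(ldif, attr):
    """First value of attr in LDIF text, or None. Handles folding and base64."""
    prefix = attr.lower() + ":"
    for line in ldif.replace("\n ", "").splitlines():  # unfold continuations
        if line.lower().startswith(prefix + ":"):       # "cn:: <base64>"
            return base64.b64decode(line[len(prefix) + 1:].strip()).decode("utf-8")
        if line.lower().startswith(prefix):              # "cn: <plain value>"
            return line[len(prefix):].strip()
    return None

def finger_line(pts_text, ldif_text):
    """Merge the PTS record with the LDAP real name; PTS data alone still prints."""
    rec = parse_pts(pts_text)
    real = ldif_attr(ldif_text, "cn") or "(no LDAP entry)"
    return f"Login: {rec['login']}  UID: {rec['uid']}  Name: {real}"

# Constructed sample data, not output captured from a real system.
SAMPLE_PTS = ("Name: kim, id: 1012, owner: system:administrators, creator: admin,\n"
              "  membership: 3, flags: S----, group quota: 20.\n")
SAMPLE_LDIF = ("dn: uid=kim,ou=People,dc=example,dc=org\n"
               "cn:: " + base64.b64encode("Kim Müller".encode("utf-8")).decode() + "\n")

if __name__ == "__main__":
    print(ldap_filter_for("kim"))
    print(finger_line(SAMPLE_PTS, SAMPLE_LDIF))
```

If LDAP is unreachable or has no entry, the PTS fields are still shown, which matches a setup where nothing else depends on the directory.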

So, we could say that LDAP is only marginally used in our setup, but I expect we will rely on it more as our infrastructure expands and HCoop service grows in richness.


CategorySystemAdministration

OpenLDAP (last edited 2012-09-06 07:01:09 by ClintonEbadi)