|
Size: 755
Comment:
|
Size: 867
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 7: | Line 7: |
| So we keep this information (real names, primarily) in LDAP, and the "finger" command has been hacked slightly to obtain all info from AFS PTS, then query LDAP for real name, and then display results in an integrated "finger" output. | So we keep this information (real names, primarily, but UID/GID etc. as well) in LDAP, although only members' real name is ever looked up there. The "finger" command has been hacked slightly to obtain all info from AFS PTS, then query LDAP for real name, and then display results in an integrated "finger" output. |
| Line 9: | Line 9: |
| So, we could say that LDAP is underused in our setup, but I expect we will rely on it more as we increase the richness of HCoop service. | So, we could say that LDAP is only marginally used in our setup, but I expect we will rely on it more as our infrastructure expands and HCoop service grows in richness. |
We use OpenLDAP, but nothing depends on it.
We use LDAP as a members information directory to be looked up by hand, no services consult it.
For serving user metadata, we use libnss-afs which pulls that information from AFS PTS database. However, the PTS is not really intended for this, so it doesn't provide space for user's supplementary Unix groups, GECOS fields etc.
So we keep this information (real names, primarily, but UID/GID etc. as well) in LDAP, although only members' real name is ever looked up there. The "finger" command has been hacked slightly to obtain all info from AFS PTS, then query LDAP for real name, and then display results in an integrated "finger" output.
So, we could say that LDAP is only marginally used in our setup, but I expect we will rely on it more as our infrastructure expands and HCoop service grows in richness.