[SAC] We are one (with the LDAP)

Martin Spott Martin.Spott at mgras.net
Sun Mar 29 09:26:53 EDT 2009 

Frank,

On Sat, Mar 28, 2009 at 09:01:23PM -0400, Frank Warmerdam wrote:
> Martin Spott wrote:
>> On Sat, Mar 28, 2009 at 11:30:42AM -0400, Frank Warmerdam wrote:

>>> I'm still quite confused by how all this is working now.  I had manually
>>> created many accounts on upload.osgeo.org.
>>
>> That sounds a bit unfortunate as we've been recovering the numeric
>> UID's from Telascience LDAP and you apparently have been introducing
>> new ones.

> I'm speaking of the accounts created over the last 24 months or so,
> not since the recent LDAP breakdown.

Ah, well. I had seen traces of different numerical UID's referring to
the same login on 'upload' ('martinl' being one example), therefore I
was under the assumption that new logins had also been added after the
Telascience LDAP crash. Please excuse me if I was wrong.

> I do not refer to any schema.  I never asked for them to be synced or
> added to LDAP.  In fact, I had come to the conclusion that there was
> really little need for LDAP on the telascience blades, and if I had
> been more available when this recent crisis struck I would have advised
> against use of LDAP for blade accounts.
>
> However, given that lots of good work has been done, I would like to understand
> how it works, and how to bring things that were functioning fine (ie. local
> accounts, cron jobs) back into operation.

Well, some of these machines (personally I know of four of them) had,
apparently, been configured to use a mix of local accounts _plus_
Telascience LDAP for a while, so there's nothing basically new we've
been introducing here.
"The work" that had been done recently was solely related to recovering
the Telascience LDAP accounts (at least most of them, I hope) from a
corrupt LDAP database and to merge their UID's, home directories and
login shells into OSGeo LDAP. This merge involved removal of approx.
half a dozend duplicates where users had a login name in Telascience
LDAP which differed from their login at OSGeo LDAP. OSGeo login names
had been choosen as a preference here.

That's all and does, in no way, affect the obvious disagreement over
how logins on the blade machines are supposed to be handled. I'll
happily stay out of the related discussion  :-)

Cheers,
	Martin.
-- 
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

More information about the Sac mailing list