Re: users, groups, etc. for posix authentication?

[Howard Chu <hyc@symas.com>]

Christ Schlacta wrote:
> is there any reason that a posix usernames, groups, passwords, etc. must
> be stored in distinct locations in a directory ?  I realize this mostly
> applies to the padl pam/nis and the libnsspam-ldapd module specific.
>
> can they be stored in other structures effectively and usefully?  can
> they be stored on a department by department basis, or in any other
> organizational scheme?  (ou=arbitrary1,dc=... having groups and users,
> while ou=arb2,ou=arb3,dc=... also has users and groups?)  if a scheme
> like the above is used, will all users and groups be available on a
> system?  must they be free of naming conflicts, or will
> group=users,ou=arbitrary1,... be different from
> group=users,ou=arb2,ou=arb3,... ?  if they're different, how would this
> be indicated by the systems?
A POSIX system considers usernames to be a flat namespace. If you store them 
in separate branches of a directory, you create the possibility of having 
duplicate names in separate branches, and the base OS will not be able to 
handle that.

This question has nothing to do with LDAP and has no place on this forum.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/