[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Antw: Re: temporarily removing a group object in SLES11
>>> "Michael StrÃder" <michael@stroeder.com> schrieb am 16.10.2013 um 11:46 in
Nachricht <f41ace7c732bbe79d3dcf04d72d9709a@srv1.stroeder.com>:
> On Wed, 16 Oct 2013 11:19:07 +0200 "Ulrich Windl"
> <Ulrich.Windl@rz.uni-regensburg.de> wrote
>> I realized that in SLES11 SP2 the YaST user management module does recreate
> a
>> group (instead of modifying it) when you add a user to the particular
group.
>> I wonder what the consequences could be (despite of the unnecessary deltas
>> being created). Did anybody else notice this, or even had some negative
>> experience caused by that, escpecially for groups with many members?
>
> If yast2 is really deletes/adds the whole group entry or even all the
> 'member'
> values I'd simply recommend to use decent LDAP admin tools.
The EntryUUID changes, that says all, right ;-)
>
> Obviously it does not scale for large group entries and even could cause
> some
> security headache regarding concurrent group administration.
>
> IIRC a very early version of MMC in W2K also rewrote all 'member'
> values...don't remember the CVE though.
>
> Ciao, Michael.