So I can't try LDAP technology on my servers cuz they are
all critical !!
I got to wait & see I guess ...
> > I have been doing some experimentation with LDAP authentication for AIX
> > 4.3.3, but have run into some showstopper bugs:
> > - User membership in other groups (i.e. wheel) does not seem to be set
> > up properly.
> All groups for an LDAP user, and all users for an LDAP group, must
> be defined in LDAP. This is required so that if, for example, LDAP
> and NIS+ were combined and "bob" was in "developers", "managers"
> and "employees" and "employees" was an NIS+ group which didn't
> exist on another non-NIS+ host, "bob" would still be able to log in.
> > - The system sometimes misbehaves badly in the event of an LDAP server
> > crash - the login process can get hung up really bad, even for users
> > that are not set to use LDAP authentication.
> I'm not sure I understand what you're describing.
> There are several parts you could call "the LDAP server". If you
> are talking about the really-real LDAP server (as opposed to the
> security daemon that runs on LDAP clients and speaks LDAP to
> the LDAP server), that shouldn't be happening at all. The other
> one, where the LDAP "client side daemon" (secldapclntd process)
> dies, also shouldn't cause problems. Things =should= degrade
> rather nicely.
> The worst case I can see is if the LDAP server is still up and
> running and accepting requests but doesn't acknowledge them.
> That could cause problems.
> As regards why you'd see spillover into non-LDAP authenticated
> users, please keep in mind that user information and user
> authentication aren't tightly bound. You can have an LDAP
> authenticated user who gets their information from NIS+ and
> vice versa. The "SYSTEM" attribute specifies where a user
> gets authenticated, not where the user's definition resides.
> > I have calls into IBM for these problems, but as yet have not received
> > any solutions. I would suggest trying it out on non-critical servers
> > before making any commitments.
> As with all new technologies, this is very good advice.
> -- Julie.
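
The point quoted above, that "SYSTEM" says where a user is authenticated and not where the user's definition resides, can be checked per account. The following is an added example, not part of the thread or IBM's code: it reads stanza text in the layout of AIX's /etc/security/user and reports which accounts touch LDAP on either path. The `registry` attribute and the stanza layout are assumptions taken from AIX's file format rather than from the thread, and the sample data is constructed.

```python
import re

# Constructed sample in the stanza layout of AIX /etc/security/user (an assumption).
SAMPLE = '''\
default:
    SYSTEM = "compat"
    registry = files
root:
    SYSTEM = "files"
bob:
    SYSTEM = "LDAP OR compat"
    registry = NIS
carol:
    registry = LDAP
'''

def parse_stanzas(text):
    """Return {stanza_name: {attr: value}} from stanza-format text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):   # "*" starts a comment line
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return stanzas

def auth_methods(system_expr):
    """Method names in a SYSTEM expression, ignoring AND/OR and [..] result codes."""
    words = re.sub(r"\[[^\]]*\]", " ", system_expr).split()
    return {w for w in words if w.upper() not in ("AND", "OR")}

def ldap_dependencies(text):
    """Map user -> set of paths ("authentication", "definition") that use LDAP."""
    stanzas = parse_stanzas(text)
    default = stanzas.pop("default", {})       # per-user stanzas override these
    report = {}
    for user, attrs in stanzas.items():
        merged = {**default, **attrs}
        deps = set()
        if "LDAP" in auth_methods(merged.get("SYSTEM", "")):
            deps.add("authentication")         # where the user is authenticated
        if merged.get("registry", "") == "LDAP":
            deps.add("definition")             # where the user's definition resides
        report[user] = deps
    return report
```

An account such as `carol` in the sample authenticates locally yet still depends on LDAP for its definition, which is the kind of spillover the reply describes.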