is there any reason that a posix usernames, groups, passwords, etc. must be stored in distinct locations in a directory ? I realize this mostly applies to the padl pam/nis and the libnsspam-ldapd module specific.
can they be stored in other structures effectively and usefully? can they be stored on a department by department basis, or in any other organizational scheme? (ou=arbitrary1,dc=... having groups and users, while ou=arb2,ou=arb3,dc=... also has users and groups?) if a scheme like the above is used, will all users and groups be available on a system? must they be free of naming conflicts, or will group=users,ou=arbitrary1,... be different from group=users,ou=arb2,ou=arb3,... ? if they're different, how would this be indicated by the systems?