On 30/11/2011 00:33, Howard Chu wrote:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=doc/drafts/...
Section 2.2.2
This solution was mentioned on the list a year or two ago; I had to implement something similar to allow different home directories/shells on different systems.
I went with a similar solution to Harry's #5, creating new attributes to hold these values which are mapped in /etc/ldap.conf on each system appropriately.
In our environment, though, the proposed attribute options wouldn't be particularly useful. We run HPC systems with hundreds of hosts, so an option such as 'host-<servicename>' would be more useful.
To the OP: you might find that using a custom gidNumber attribute doesn't fully work. When I tried this approach, it wasn't possible to get the custom gidNumber remapped by getent etc. to find the group's name.
Just had a dig around, here's my query about this subject from Feb 2010:
http://www.openldap.org/cgi-bin/wilma_hiliter/openldap-technical/201002/msg00073.html
No solution to this (at the time, anyway). I abandoned trying to have a per-service gidNumber attribute.