On Fri, Apr 28, 2006 at 10:51:38AM -0400, Jesse W. Hathaway wrote:

> I do understand why this feature is needed. However, the additional
> feature of having the ability to disable this function is also needed.
> It is quite common to not have any of the users, used for system
> daemons, to be included in groups found in network directories. It seems
> needless to query network directories for system daemons such as apache.

Yes, in some cases such a feature would be useful, but that feature currently does not exist.

> Enumeration is a lookup process, so I still think the man page is
> unclear, as to what effect the action statement will have in the group
> database option.

The documentation might be improved, but the documentation of SUCCESS talks about the "wanted entry" and the documentation of NOTFOUND talks about "the needed value", both terms having no meaning for enumeration. Well, you can interpret those terms as "all possible entries"; either way you get that SUCCESS and NOTFOUND action rules have no effect on enumeration.

> Given that one of the main features of LDAP and NIS are consistent
> groups across all machines, I think it would be beneficial to support
> querying network directories selectively.

I think the reason this was not solved much easier is that it is not a problem for NIS/NIS+. They need much less resources than LDAP. Enumerating over a couple thousand users using NIS+ was not a problem when I last did it; doing the same with LDAP produces quite a significant load.

Gabor

-- 
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences,
Laboratory of Parallel and Distributed Systems
Address   : H-1132 Budapest Victor Hugo u. 18-22. Hungary
Phone/Fax : +36 1 329-78-64 (secretary)
W3        : http://www.lpds.sztaki.hu
---------------------------------------------------------