One curiosity I have discovered while testing out deleting the NI staff group and creating one in LDAP. The group admin (GID 80) does actually appear in both OD datastores. Out of curiosity I wacked the NI admin group leaving only the one in LDAP. After I did that I could no longer log into any of the OD related tools(ie NetInfo Manager, Workgroup Manager IIRC Server Manager as well) using an OD administrative account. I was able to login to NetInfo Manager using root as the username, though. As root I was able to add the group and members back in. I’d definitely recommend staying away from the NI admin group. So it looks like Server relies on that group in some way and only consults NI for it. OD allows a duplicate of that group to. On a happier note, the staff group change worked just fine though. There are a few others I’d like to standardize as well like the www(it’s apache on RHEL/CentOS) group or the mysql group. But definitely be careful with what groups you decide to migrate over. Backups or ,even mo better, a separate test system are definately your best friend in this situation.
jerky
Recent Comments