Avoiding Duplication - Novell OPEN ENTERPRISE SERVER - PLANNING AND IMPLEMENTATION GUIDE 12-2010 Implementation Manual

The users Group
There is another default system-created group named
nevertheless created on all SLES 10 (and therefore, OES 2) servers.
Creating an eDirectory group named
the shadow group, nothing prevents you from using this name.
Unfortunately, having a LUM-enabled eDirectory group named
for services requiring POSIX access. The local
enabled group in eDirectory won't be seen by POSIX.
users
NOTE: Do not confuse eDirectory Group objects with Organizational Unit (OU) container objects.
Creating an OU container in eDirectory named
with POSIX.
Other Non-System Groups
Conflicts between group and user names also occur when administrators create local and eDirectory
groups with the same name.
For example, one administrator creates a group named
creates a LUM-enabled group in eDirectory with the same name. Again, the LUM-enabled users
who are members of the eDirectory group won't have access through POSIX.
This is why we recommend that, as a general rule, administrators should not create local users or
groups on OES 2 servers. You should only make exceptions when you have determined that using
LUM-enabled users and groups is not a viable option and that objects with the same names as the
POSIX users and groups will not be created in eDirectory in the future.

6.2.3 Avoiding Duplication

Having duplicate users and groups is easily avoided by following these guidelines:

"Use YaST to List All System-Created Users and Groups" on page 61

"Create Only eDirectory Users and Groups" on page 62
Use YaST to List All System-Created Users and Groups
We recommend that you use the YaST Group Management/User Management module to check for
names you might duplicate by mistake.
1. Open the YaST Control Center.
2. Click either Group Management or User Management.
3. Click Set Filter > Customize Filter.
4. Select both options (Local and System), then click OK.
All users or groups as displayed, including those that exist only in eDirectory and are LUM-
enabled.
5. To avoid duplication, keep this list in mind as you create eDirectory users and groups.
that is not used by OES 2 services but is
users
would seem logical to many administrators. And as with
users
group is always checked first, and the LUM-
users
is a valid option and does not create conflicts
users
myusers
is not a viable configuration
users
on the local system and another
Caveats for Implementing OES 2 Services 61