this might be a faq, please forgive me.
I do encounter more and more cookbooks which get user-definitions from a
databag. I like the idea of a central user database but I like it so much I
implemented ldap to store users and groups.
Now its not a problem telling a system or a service to use ldap (gotta hack
the munin::server for this:).
But one idea some friends here implement in there system is that
authentications except login happen against ldap while login uses local users.
And these local users are rendered from ldap.
Now I would like to make search(:users,…) search the ldap-repo instead of
the users-databag and provide users-from-ldap as a drop-in replacement. That
way its usable for login-users as well as for apache2/etc authentication…
Is there any way to use an ldap-resource as provider for the databag search?
Or should I just hack a script to create the databag from the ldap repo? How
do you guys manage the users databag?
Thanks for your comments,