I've done some updates to my LDAP Authentication in Debian Sarge HOWTO. I added a note about how allowing LDAP clients' root users to have administrative access to the LDAP directory by putting the admin password in a root-only readable file may not be so secure. This method makes it really easy for utilities to do LDAP administration when run by the root user, but writing important passwords to disk in the clear is yucky, even if the file is only readable by root. Perhaps some day I'll write more about alternative strategies like using slapd's ACLs to allow users in certain groups to modify any entry, thus making it so administrative users can just use their normal LDAP password to authenticate when they need to do administrator things.
The other update is a note about a race condition in the add user and group scripts I wrote and link to in the HOWTO. If more than one instance of one of these scripts is running at once, it's very possible to create two users or groups with the same numeric ID. I don't have any plans to fix these scripts, so if you use 'em, make sure only one instance of each is running at once against any given LDAP directory! I'm working on a (hopefully) really cool LDAP administration tool at work that will more intelligently check for available UIDs/GIDs, and will post here when that's released.
