[chef] Gettings users from ldap instead of databag

[Arnold Krille < >]

Hi all,

this might be a faq, please forgive me.

I do encounter more and more cookbooks which get user-definitions from a 
databag. I like the idea of a central user database but I like it so much I 
implemented ldap to store users and groups.

Now its not a problem telling a system or a service to use ldap (gotta hack 
the munin::server for this:).
But one idea some friends here implement in there system is that 
authentications except login happen against ldap while login uses local 
users. 
And these local users are rendered from ldap.

Now I would like to make search(:users,...) search the ldap-repo instead of 
the users-databag and provide users-from-ldap as a drop-in replacement. That 
way its usable for login-users as well as for apache2/etc authentication...

Is there any way to use an ldap-resource as provider for the databag search?
Or should I just hack a script to create the databag from the ldap repo? How 
do you guys manage the users databag?

Thanks for your comments,

Arnold

Attachment: signature.asc
Description: This is a digitally signed message part.