my /etc/default/useradd has a 'GROUP' value of 100, yet useradd assigns a per-user group of gid > 500 and assigns that to the user? Or is that actually standard practise?

That is because of /etc/login.defs which is used. It specifies more detail than /etc/defaults/useradd. You will notice that group 100 is the group users. The lowest group an user should be a member of. I'm not sure if you're added to that group by default tho.

Or, of course, have redhat patched useradd.

...

[oliver] duality:/usr/sbin$ ls -la adduser lrwxrwxrwx 1 root root 7 Feb 17 19:08 adduser -> useradd*

sure. In that case, you *still* need to provide a wrapper to magically determine whether to update the ldap store or the system files, or to provide a new useradd to replace the old one.

If you're using ldap to store site wide information that information should only be about human users. "System" (mysql, bin, root, mail) users should probably be in /etc/passwd. They rarely have passwords (except root) anyway. Also if that sort of info wasn't stored in reliable places (ie, in a file) you could stop your system from booting or functioning by DoS'ing slapd or having an incorrect configuration. Even if slapd crashed you could log in as root and restart it. PAM allows for fall back authentication. Later -- Oliver Jones - oliver(a)deeper.co.nz - Mobile: +64-21-41-2238 - Deeper Design Limited - http://www.deeperdesign.com ------------ WLUG - The Waikato Linux Users Group To unsubscribe, send an email to majordomo(a)list.waikato.ac.nz with "unsubscribe wlug" in the body of the message.