Hello Jordan, et al:

Today I was reading my documentation for running a separate OpenLDAP daemon on an Xserve running Leopard Server. I installed the openldap MacPort (which is based on OpenLDAP version 2.3.35) and I was somewhat surprised that the installation created a user with short name "ldap" and a UID of 500 (with a group short name of "ldap" and a gid of 502). The reason this surprised me is that Apple ships with Leopard Server a compilation instance of OpenLDAP 2.3.27 which is of course the basis for OpenDirectory, and which slapd daemon is run by root apparently at boot time (I presume there is a launchd plist for this but I haven't looked yet).

Now, therefore, considering the logic of using underscores as prefixes to avoid namespace collisions since the founders of Unix didn't consider this to be a problem in the 1970s / 1980s, and considering the examples of uids and gids whose corresponding short names that reside in the local domain directory that Apple ships with Leopard Server are, in examples:

_postfix
_postdrop
_guest
_xgridagent
_spotlight
_mysql
_svn
_www
_jabber
_sshd

and the list goes on ...

Why oh why do I not see (when I search the local directory domain of my Leopard Server 10.5.1 instance using WorkgGroup Manager to search on names with underscores in them):

_ldap ???

Am I out of my mind that the ommission of "_ldap" is illogical and without basis and is inconsistent with the namespace issue that has been raised herein this discussoin thread thus far? Would it not be possible, for example, for a person to accidentally choose a short user name of "ldap" just as they might also accidentally do so with a name such as "postfix"? Why does life have to be so complicated -- meaning, why do humans create their own unnecessary complexity? We have too many rules we have to remember. Where oh where is my missing friend in Leopard's local directory domain named, "_ldap"? Thus as a result, the openldap MacPort created a separate user account named "ldap". Ugh!

Thanks,

T.M.

On 1/5/08, Tabitha McNerney <tabithamc@gmail.com> wrote:


On 1/4/08, Jordan K. Hubbard < jkh@apple.com> wrote:
This is because the original designers of Unix neglected to take into
account the notion of user namespaces - the namespace is flat.  That
means that system or role specific names can conflict with names that
users would like to use for themselves ( c.f. "admin" or "operator")
unless you adopt a convention for keeping them separate.  That
convention is the prefix underscore.

- Jordan

Jordan,

Thank you very much. Makes perfect sense. Its hard to find fault with the original designers of Unix (they probably never would have guessed, decades later, that individuals in the comfort of their own homes would run Unix on a machine that sits in their lap)!

Best,

T.M.

On Jan 4, 2008, at 5:29 PM, Tabitha McNerney wrote:

> Hello all --
>
> I just installed the current version of the Postfix port (version
> 2.4.6) on a Leopard Server system.
>
> After the install, I noticed a username and group name of "_postfix"
> and "_postdrop" respectively, as in:
> drwx--x---  2 _postfix  _postdrop  102 Jan  4 23:06 public/
> drwx-wx---  2 _postfix  _postdrop  102 Jan  4 23:06 maildrop/
> This differs from previous Postfix port installations (UID 27 was
> "postfix" not "_postfix"). This isn't really a MacPorts specific
> issue but I'm wondering if anyone knows why Apple changed their
> naming schema on Leopard, for short names such as:
>
> from "postfix" to "_postfix"
>
> ?
>
> I wonder if this has something to do with becoming fully UNIX
> compliant? POSIX?
>
> Mr. Jordan Hubbard, can you offer some wisdom and perspective on
> this subject?
>
> Thank you,
>
> T.M.
>