aurfalien at gmail.com
2010-May-06 18:03 UTC
[CentOS] ldap: adding user to multiple groups
Hi all,

Not having much luck adding a user to more than 1 group in OpenLDAP that's provided in CentOS.

Any suggestions to have the outcome of having a user belong to multiple groups?

Should I create a new group that has multiple GIDs and assign a user to that new group? If so, how? :)

Thanks in advance.
Are you adding users to local groups in /etc/group or are you creating groups in ldap?

On 2010-05-06, at 11:03 AM, aurfalien at gmail.com wrote:
> Hi all,
>
> Not having much luck adding a user to more than 1 group in OpenLDAP
> that's provided in CentOS.
>
> Any suggestions to have the outcome of having a user belong to
> multiple groups?
>
> Should I create a new group that has multiple GIDs and assign a user
> to that new group? If so, how? :)
>
> Thanks in advance.
On Thu, 6 May 2010, aurfalien at gmail.com wrote:
> Hi all,
>
> Not having much luck adding a user to more than 1 group in OpenLDAP
> that's provided in CentOS.
>
> Any suggestions to have the outcome of having a user belong to
> multiple groups?
>
> Should I create a new group that has multiple GIDs and assign a user
> to that new group? If so, how? :)

Each posixGroup can have multiple memberUid entries. In our environment, a memberUid is specified by username (not numeric uid); I suspect that's normal practice, but you might want to get confirmation from others.

A user's posixAccount record has no backward mapping of group memberships; it only contains the standard gidNumber entry.

In short:

1. Define the posixGroup DN
2. Add one or more memberUid entries.

--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
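The layout described in the reply above, as an added example that is not code from the thread: it resolves a user's groups the way the reply says they are stored (primary from the account's gidNumber, supplementary by scanning every posixGroup for memberUid) and builds the LDIF change records that add the user to further groups. The sample directory, its DNs and the function names are assumptions made up for illustration.

```python
# Constructed sample data (abbreviated entries); DNs, names and gidNumbers are made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: alice
gidNumber: 2000

dn: cn=staff,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: staff
gidNumber: 2000

dn: cn=backup,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: backup
gidNumber: 3000
memberUid: alice

dn: cn=web,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: web
gidNumber: 3001
memberUid: bob
"""

def parse_ldif(text):  # simple unwrapped 'attr: value' LDIF -> list of {attr: [values]}
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def memberships(user, entries):
    """Primary group comes from the account's gidNumber; the rest from memberUid."""
    groups = [e for e in entries if "posixGroup" in e["objectClass"]]
    acct = next(e for e in entries if e.get("uid") == [user])
    primary = [g["cn"][0] for g in groups if g["gidNumber"] == acct["gidNumber"]]
    return primary, [g["cn"][0] for g in groups if user in g.get("memberUid", [])]

def add_to_groups(user, wanted, entries):
    """Return LDIF modify records adding user as memberUid where it is missing."""
    return "\n".join(
        f"dn: {e['dn'][0]}\nchangetype: modify\nadd: memberUid\nmemberUid: {user}\n-\n"
        for e in entries
        if "posixGroup" in e["objectClass"] and e["cn"][0] in wanted
        and user not in e.get("memberUid", []))
```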
On Thu, May 6, 2010 at 11:33 PM, <aurfalien at gmail.com> wrote:
> Not having much luck adding a user to more than 1 group in OpenLDAP
> that's provided in CentOS.
>
> Any suggestions to have the outcome of having a user belong to
> multiple groups?
>
> Should I create a new group that has multiple GIDs and assign a user
> to that new group? If so, how? :)
>

A different twist from the solutions suggested so far.

Even though you may not require the SMB extensions, the smbldaptools may be worth looking into. Its toolset is similar to the regular Linux user management tools, with the backend taking care of populating the LDAP DIT and you keeping your sanity :)

I have deployed a few production LDAP setups on CentOS 5.3, where users were members of multiple groups.

HTH,
--
Arun Khan