[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: automagic memberUid in posixGroup



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Mike Sturdee

> Is there an auto-magic way to have a use be listed under the
> posixGroup
> corresponding to their main group, and removed just the same when
> switching to a different group, or being removed all
> together?

No.

> I'm doing a
> set up with FreeRadius and about 10,000 users split between 5 groups
> depending on their radius profile, and there are a good
> amount of users
> that switch their profile, and it still needs to be kept nice
> and tidy. No
> stale group info laying around.

There's no reason to be touching the posixGroup entries in the first place.
The posixAccount's gidNumber specifies the account's primary group, and an
account is implicitly a member of its primary group, regardless of whether or
not it is explicitly listed in the group. If you administer things the way
Unix is meant to be administered, you don't add users to their primary
groups - that's redundant. And so you don't get any stale group info left
over when someone changes their primary group.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support