OpenLDAP groups and Unix users



Thanks in advance for any answers to this query, and thanks to the geniuses
who wrote and maintain OpenLDAP.

I have OpenLDAP running on my Ubuntu Intrepid server. I have installed the
various PAM and NSS bits and pieces to allow integrated authentication. I
can now use users and groups stored in the LDAP database to do shell logins,
permission files and authenticate Apache secure connections (hooray!). It
also is set up so that Unix user accounts and groups still function outside
of LDAP as expected.

However, there is one quirk to this. I can make LDAP users members of Unix
groups and this works fine. I cannot however do the equivalent: make Unix
users working members of LDAP groups. I can put them in the groups, but
the system command "id -nG" does not list the LDAP groups and the filesystem
fails to pick up the permissions.

Is this behaviour by design? Can the relevant modules be configured to allow
LDAP groups to have Unix users as members?