
Re: Assigning Groups to LDAP users



On Wednesday, 10 August 2011 10:11:17 pradyumna dash wrote:
> Guys,
> 
> I have a query, let's take a scenario:
> 
> Assume we have 2 servers "Server1" and "Server2" and 2 groups "Admin" and
> "ITTech". What is needed is like say when a user "bob" logs
> in to "Server1" he will get the group "Admin", but when he logs in to
> "Server2" he will get group "ITTech". Also it may vary for different users
> like when "Kris" logs in to Server1 he may get a group called "ITTech" and
> when he logs in to "Server2" he will get some other group say "Security".
> Can it be possible by OpenLDAP?

IMHO, this is a bad idea. It will specifically be problematic if you have any 
files shared/replicated/backed up between servers (e.g. via NFS).

> If this is achieved then we are planning
> to have SUDO files based on the groups.

It would be much more effective to have your sudo rules in LDAP, and apply a 
rule to a set of users/groups to a collection/netgroup of hosts.

Regards,
Buchan
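
The approach suggested in the reply above, sketched as LDIF. This is an added example, not part of the original message: it keeps group membership identical on every server and varies privileges per host through sudoRole entries bound to host netgroups. The base DN, OU names, netgroup names, rule names and the ITTech command list are assumptions, and it presumes sudo is built with LDAP support and the sudo schema is loaded in the directory.

```ldif
# Constructed example. dc=example,dc=com, the OUs, netgroup names and
# command paths are placeholders, not values from the thread.

# Host netgroups: group servers by the role they play.
dn: cn=admin-hosts,ou=Netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: admin-hosts
nisNetgroupTriple: (server1.example.com,,)

dn: cn=ittech-hosts,ou=Netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: ittech-hosts
nisNetgroupTriple: (server2.example.com,,)

# bob has full sudo rights, but only on hosts in admin-hosts (Server1).
dn: cn=bob-admin,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: bob-admin
sudoUser: bob
sudoHost: +admin-hosts
sudoRunAsUser: ALL
sudoCommand: ALL

# bob and every member of the Unix group ITTech get a restricted
# command set, only on hosts in ittech-hosts (Server2).
dn: cn=ittech-ops,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: ittech-ops
sudoUser: bob
sudoUser: %ITTech
sudoHost: +ittech-hosts
sudoRunAsUser: root
sudoCommand: /sbin/service
sudoCommand: /usr/bin/tail /var/log/messages
```

Because the rules name hosts rather than changing a user's groups, file ownership and group IDs stay consistent across NFS shares and backups, and moving a server between roles is a one-line change to a netgroup.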