[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: More than one group for each user

I'm assuming that you are using posixAccount and/or sambaAccount and
posixGroup as objectclasses to create your users and groups in the

When you are working with users and groups in LDAP, and you want to add a
user to more than one group, then you should go to the group entry (let's
suppose cn=group1), and add as many  usernames as you want ,each under a
memberUid attribute.

dn: cn=group1 , ou=Groups, o=MYDOMAIN
objectClass: posixGroup
cn: group1
gidNumber: 1000
memberUid: user1
memberUid: user2
memberUid: .........

So, if you want to add a user to multiple groups, you should add the
username  to every cn=group that you want to make him/her a member of (just
like Unix).

Hope that helps.


----- Original Message ----- 
From: <luiz@pucrs.br>
To: <openldap-software@OpenLDAP.org>
Sent: Monday, July 28, 2003 11:45 AM
Subject: More than one group for each user

> Hello
> I´m sorry if this is a stupid question (and for my poor english), but I´m
> bit confused about the group attributions in LDAP.
> I have some users that need to belong to more than one group, but I only
> found the "gidNumber" attribute, for the primary group. Is there one
> attribute for the secondary groups? Or the approaching to solve the
> is different in LDAP? I´m thinking in UNIX terms...
> Let me try to explain better.
> For example: I need to create one SAMBA share for each discipline of our
> educational intitution. The teacher of the discipline needs to map this
> share. But Martin is the teacher of 5 disciplines. Actually, I was create
> one Unix user and group for each discipline and added the user "martin" in
> each group of each discipline. Like this:
> disc1: martin
> disc2: fred
> disc3: martin
> disc4: arthur
> disc5: martin,arthur, franck
> disc6: martin,carl
> disc7: martin,jess
> Then, I set SAMBA server to permit the login and the work of all members
> the group. There are also graduation students that belonging to some
> research project, with a separeted share. Then, the student nees to map 2
> or 3 different shares.
> I didn´t understand how to make this using LDAP. :-(
> Can anyone help me? I think it´s something very simple that I couldn´t see
> in the docs...
> Thank you very much to all.