[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: More than one group for each user

Hi Gabriel and Andreas

> I'm assuming that you are using posixAccount and/or sambaAccount and
> posixGroup as objectclasses to create your users and groups in the
> Directory.

Ok, it´s right.

> When you are working with users and groups in LDAP, and you want to add a
> user to more than one group, then you should go to the group entry (let's
> suppose cn=group1), and add as many  usernames as you want ,each under a
> memberUid attribute.
> dn: cn=group1 , ou=Groups, o=MYDOMAIN
> objectClass: posixGroup
> cn: group1
> gidNumber: 1000
> memberUid: user1
> memberUid: user2
> memberUid: .........
> So, if you want to add a user to multiple groups, you should add the
> username  to every cn=group that you want to make him/her a member of
> like Unix).
> Hope that helps.

Hum. Very good. I was thinking that there was another way to make it. Using
OUs, for example (?). Because using this structure, I have groups with
5.000 "memberUID"s or more. But I imagine that´s normally in LDAP, no?
Thanks a lot for your help and indications. In fact, I didn´t understood
the role of NSS in the context.
Best regards