
RE: More than one group for each user


Hi, Gabriel,

I'm an LDAP newbie and appreciated your answer to the attached question.

I'd like to ask a follow-up question if you don't mind.

Does LDAP support different primary/secondary groups for the same user on different client machines?

For example, if I have User1 on two machines defined as follows:

        Group1          Primary
        Group3          Secondary
        Group6          Secondary

        Group4          Primary
        Group6          Secondary
        Group10         Secondary

I am using the PosixAccount and PosixGroup object class. To date, I have only created LDAP records on the same machine where the LDAP server is loaded. I need to incorporate other servers into the configuration.

Thanx for any suggestions you or others might have,

Joe Jadick

-----Original Message-----
From: Gabriel Maffia [mailto:gmaffia@technisys.net]
Sent: Monday, July 28, 2003 9:15 AM
To: luiz@pucrs.br; openldap-software@OpenLDAP.org
Subject: Re: More than one group for each user

I'm assuming that you are using posixAccount and/or sambaAccount and
posixGroup as objectclasses to create your users and groups in the

When you are working with users and groups in LDAP, and you want to add a
user to more than one group, then you should go to the group entry (let's
suppose cn=group1), and add as many usernames as you want, each under a
memberUid attribute.

dn: cn=group1 , ou=Groups, o=MYDOMAIN
objectClass: posixGroup
cn: group1
gidNumber: 1000
memberUid: user1
memberUid: user2
memberUid: .........

So, if you want to add a user to multiple groups, you should add the
username to every cn=group that you want to make him/her a member of (just
like Unix).

Hope that helps.


----- Original Message -----
From: <luiz@pucrs.br>
To: <openldap-software@OpenLDAP.org>
Sent: Monday, July 28, 2003 11:45 AM
Subject: More than one group for each user

> Hello
> I'm sorry if this is a stupid question (and for my poor English), but I'm
> bit confused about the group attributions in LDAP.
> I have some users that need to belong to more than one group, but I only
> found the "gidNumber" attribute, for the primary group. Is there one
> attribute for the secondary groups? Or the approaching to solve the
> is different in LDAP? I'm thinking in UNIX terms...
> Let me try to explain better.
> For example: I need to create one SAMBA share for each discipline of our
> educational institution. The teacher of the discipline needs to map this
> share. But Martin is the teacher of 5 disciplines. Actually, I was create
> one Unix user and group for each discipline and added the user "martin" in
> each group of each discipline. Like this:
> disc1: martin
> disc2: fred
> disc3: martin
> disc4: arthur
> disc5: martin,arthur, franck
> disc6: martin,carl
> disc7: martin,jess
> Then, I set SAMBA server to permit the login and the work of all members
> the group. There are also graduation students that belonging to some
> research project, with a separated share. Then, the student needs to map 2
> or 3 different shares.
> I didn't understand how to make this using LDAP. :-(
> Can anyone help me? I think it's something very simple that I couldn't see
> in the docs...
> Thank you very much to all.
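
Added example (not part of the original thread, and not OpenLDAP code): a Python sketch of how group membership resolves under the scheme described in the reply above, with the primary group taken from the account's gidNumber and the additional groups taken from memberUid values on posixGroup entries. The LDIF is constructed sample data that reuses names from the thread; the parser handles only plain single-line attribute values.

```python
# Constructed sample data (not from the thread), trimmed to the attributes read below.
SAMPLE_LDIF = """\
dn: uid=martin,ou=People,o=MYDOMAIN
objectClass: posixAccount
uid: martin
gidNumber: 1000

dn: cn=disc1,ou=Groups,o=MYDOMAIN
objectClass: posixGroup
cn: disc1
gidNumber: 1000
memberUid: martin

dn: cn=disc5,ou=Groups,o=MYDOMAIN
objectClass: posixGroup
cn: disc5
gidNumber: 1005
memberUid: martin
memberUid: arthur

dn: cn=disc2,ou=Groups,o=MYDOMAIN
objectClass: posixGroup
cn: disc2
gidNumber: 1002
memberUid: fred
"""

def parse_ldif(text):
    """Parse blank-line separated entries into {attribute: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                # Attribute names are case-insensitive in LDAP; values are kept as-is.
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def groups_for(user, entries):
    """Return (primary group cn or None, sorted supplementary group cns)."""
    def is_a(e, oc): return oc in (v.lower() for v in e.get("objectclass", []))
    account = next(e for e in entries if is_a(e, "posixaccount") and user in e.get("uid", []))
    gid = account["gidnumber"][0]
    groups = [e for e in entries if is_a(e, "posixgroup")]
    primary = next((g["cn"][0] for g in groups if g["gidnumber"][0] == gid), None)
    extra = sorted(g["cn"][0] for g in groups
                   if user in g.get("memberuid", []) and g["gidnumber"][0] != gid)
    return primary, extra
```

A primary value of None means the account's gidNumber matches no posixGroup entry, which is worth checking for when share access is granted by group.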

