
gidNumber attribute inside group & member

Hi all,
I need some clarification regarding how permissions of members are taken care of when they log in to a client machine. As I understand it, the "gidNumber" that I give while creating a group entry (like "gidNumber" "4" for "qagroup", which refers to the "gid" of the "adm" group in /etc/group on a Linux machine) means that the permissions of that group are assigned to the members of "qagroup", i.e. ldap1 & ldap2, when they log in to any client. Is that correct?

It is confusing because members ldap1 & ldap2 belong to the posixAccount objectclass, which also has gidNumber as a required attribute. So do the gidNumber values mentioned in the members' entries get overwritten by the gidNumber attribute inside their group, i.e. "qagroup"? What about the case where a single member is added to multiple groups? What permissions does the member get when he logs on to a particular machine?

ldif input:
dn: uid=ldap1,ou=Users,dc=test,dc=com
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/ldap1
loginShell: /bin/bash
cn: ldap1
uidNumber: 10000
gidNumber: 500  <=============
sn: ldap1
mobile: 987777787
physicalDeliveryOfficeName: ravi
userPassword: ldap1
uid: ldap1

dn: cn=qagroup,ou=Groups,dc=test,dc=com
cn: qagroup
gidNumber: 4  <===============
objectClass: posixGroup
memberUid: uid=ldap1,ou=Users,dc=test,dc=com
memberUid: uid=ldap2,ou=Users,dc=test,dc=com

Thanks in advance
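
An added example, not part of the original post: how a client applying RFC 2307 semantics derives a user's primary and supplementary groups from entries like those above. The function names, the trimmed entries and the "devgroup" entry are constructed for illustration, and the comparison rule (memberUid holds a login name, not a DN) is the RFC 2307 definition, not something stated in the post.

```python
# Added illustration: RFC 2307 group resolution over constructed LDIF.
# Entries are trimmed from the post; "devgroup" is a constructed second group.
LDIF = """\
dn: uid=ldap1,ou=Users,dc=test,dc=com
objectClass: posixAccount
uid: ldap1
uidNumber: 10000
gidNumber: 500

dn: cn=qagroup,ou=Groups,dc=test,dc=com
objectClass: posixGroup
cn: qagroup
gidNumber: 4
memberUid: uid=ldap1,ou=Users,dc=test,dc=com

dn: cn=devgroup,ou=Groups,dc=test,dc=com
objectClass: posixGroup
cn: devgroup
gidNumber: 600
memberUid: ldap1
"""

def parse_ldif(text):
    """Split simple LDIF (no base64, no line folding) into attr -> [values] dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
        entries.append(entry)
    return entries

def resolve_ids(entries, login):
    """Return (uid, primary gid, supplementary gids) for a login name."""
    account = next(e for e in entries
                   if "posixAccount" in e.get("objectClass", [])
                   and login in e.get("uid", []))
    # The primary group comes only from the account's own gidNumber.
    primary = int(account["gidNumber"][0])
    # Supplementary groups: posixGroup entries whose memberUid equals the
    # login name. A DN-valued memberUid is a different string and never matches.
    supplementary = sorted(int(e["gidNumber"][0]) for e in entries
                           if "posixGroup" in e.get("objectClass", [])
                           and login in e.get("memberUid", []))
    return int(account["uidNumber"][0]), primary, supplementary

if __name__ == "__main__":
    print(resolve_ids(parse_ldif(LDIF), "ldap1"))
```

Comparing this result with the output of `id ldap1` on a client is a quick check that group membership, and therefore file access, is what was intended.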