[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Assigning Groups to LDAP users

On Wednesday, 10 August 2011 10:11:17 pradyumna dash wrote:
> Guys,
> I have a query, lets take a scenario :
> Assume we have 2 servers "Server1" and "Server2" and 2 groups "Admin" and
> "ITTech", What is needed is like say when a user "bob" logging
> in to "Server1" he will get the group "Admin", but when he logs in to
> "Server2" he will get group "ITTech".  Also it may vary for different users
> like when "Kris" logs in to Server1 he may get a group called "ITTech" and
> when he logs in to "Server2"  he will get some other group say "Security".
> Can it be possible by OpenLDAP ?

IMHO, this is a bad idea. It will specifically be problematic if you have any 
files shared/replicated/backed up between servers (e.g. via NFS).

> If this is achieved then we are planning
> to have SUDO files based on the grooups.

It would be much more effective to have your sudo rules in LDAP, and apply a 
rule to a set of users/groups to a collection/netgroup of hosts.