Re: Assigning Groups to LDAP users
On Wednesday, 10 August 2011 10:11:17 pradyumna dash wrote:
> I have a query, let's take a scenario:
> Assume we have 2 servers "Server1" and "Server2" and 2 groups "Admin" and
> "ITTech", What is needed is like say when a user "bob" is logging
> in to "Server1" he will get the group "Admin", but when he logs in to
> "Server2" he will get group "ITTech". Also it may vary for different users
> like when "Kris" logs in to Server1 he may get a group called "ITTech" and
> when he logs in to "Server2" he will get some other group say "Security".
> Can it be possible by OpenLDAP ?
IMHO, this is a bad idea. It will specifically be problematic if you have any
files shared/replicated/backed up between servers (e.g. via NFS).
> If this is achieved then we are planning
> to have SUDO files based on the groups.
It would be much more effective to have your sudo rules in LDAP, and apply a
rule to a set of users/groups to a collection/netgroup of hosts.
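
The approach suggested in the reply, sketched as an added example that is not part of the original message: sudoRole entries (the schema shipped with sudo's LDAP support) that scope each rule to a host or host netgroup instead of changing a user's groups per server. The base DN, host names, the "security" group, the "security-hosts" netgroup and the commands are constructed for illustration.

```ldif
# Constructed example: base DN, host names and commands are assumptions.
dn: ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: SUDOers

# bob gets full admin rights, but only when he is on server1.
dn: cn=admin-server1,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: admin-server1
sudoUser: bob
sudoHost: server1
sudoCommand: ALL

# On server2 the same account is limited to one service restart.
dn: cn=ittech-server2,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: ittech-server2
sudoUser: bob
sudoHost: server2
sudoCommand: /usr/bin/systemctl restart httpd

# kris gets the same limited rule, but on server1.
dn: cn=ittech-server1,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: ittech-server1
sudoUser: kris
sudoHost: server1
sudoCommand: /usr/bin/systemctl restart httpd

# Group and netgroup form: "%" names a Unix group, "+" names a netgroup.
# Members of group "security" may read the auth log on every host
# listed in the "security-hosts" netgroup.
dn: cn=security-logs,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: security-logs
sudoUser: %security
sudoHost: +security-hosts
sudoCommand: /usr/bin/less /var/log/secure
```

With rules scoped this way, each user's group memberships are identical on every server, so ownership of files shared over NFS stays consistent while sudo privileges still differ per host.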