[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Assigning Groups to LDAP users

On 10/08/2011 09:11, pradyumna dash wrote:

Assume we have 2 servers "Server1" and "Server2" and 2 groups "Admin" and
"ITTech", What is needed is like say when a user "bob" logging
in to "Server1" he will get the group "Admin", but when he logs in to "Server2"
he will get group "ITTech".  Also it may vary for different users
like when "Kris" logs in to Server1 he may get a group called "ITTech" and when
he logs in to "Server2"  he will get some other group say "Security".

I tried this ages ago with a mapping for nss_ldap along these lines:

nss_map_attribute gidNumber gidNumberServer1

gidNumberServer1 being a custom attribute holding the primary GID to be used for Server1.

Unfortunately nss_ldap didn't like this, and the groups couldn't be looked up with 'getent group'.

See the discussion at <http://old.nabble.com/nss_map_attribute-gidNumber-problem-td27545035.html> - there was a possible solution suggested which is in a draft RFC, but the link to it no longer works.

Liam Gretton                                    liam.gretton@le.ac.uk
HPC Architect                                 http://www.le.ac.uk/its
IT Services                                   Tel: +44 (0)116 2522254
University of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom