[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: What will happen if a user is a member of a group, but has another group as its primary group

Le 01/08/2012 16:21, Qian Zhang a écrit :

In my OpenLDAP server, it is possible to set a user as a member of a
group, but it has another group as its primary group (I am using "LDAP
Admin" as LDAP client tool). For example, in group1, I can see user1
as its "memberUid" attribute, but the "gidNumber" attribute of user1
is group2.

I'd like to know if this is a reasonable configuration, and in this
case, should I consider user1 as the member of group2 too? For
example, if I configure a machine to only allow gruop2 to login, can
user1 log into that machine?

BTW, I do not know how to configure PAM to only allow a group or some
groups to login the machine, if anyone can tell me the steps, it will
be really appreciated!
Actually, those kind of question are not specific to openldap, nor to any other ldap implementation. You'll probably have better answers on dedicated mailing list, such as nss_ldap user list for instance.

Also, you can get the answer to your questions quite easily by editing directly good old /etc/{passwd,group} plain text files, and getent/id commands.
BOFH excuse #217:

The MGs ran out of gas.