Re: Local group and ldap user combination
On 03/14/13 12:52 +0000, Gerhardus Geldenhuis wrote:
> Hi
> Admittedly this is slightly OT but I was hoping someone could point me in
> the right direction.
> I want to be able to grant LDAP users group membership to local groups on an
> Ubuntu box. For example the adm group.
> How would I go about doing this?
> As a very quick test I created an adm group in ldap but it is not having the
> desired effect. Output from getent group | grep adm
> adm:x:4:
> adm:*:4:uid=ggeldenhuis,ou=People,dc=example,dc=com
> The first adm group is the local file group and the second my ldap group.
> Am I going about this in the wrong way... ?
You apparently have this in your ldap tree:
memberUid: uid=ggeldenhuis,ou=People,dc=example,dc=com
for your adm group. Instead, that should be:
memberUid: ggeldenhuis
Regardless, your group names and guids *should* be unique to the system.
You could remove the entry that's located in /etc/group or, instead of
creating an ldap adm group, you could specify a gidNumber of 4 for
uid=ggeldenhuis, which will place the user in the group - 'groups
ggeldenhuis' should then report the user as a member of adm.
--
Dan White
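
An added example, not part of the original message: a small audit of merged `getent group` output that flags the two problems discussed in this thread, a DN stored where a login name belongs and group names or gids that are not unique across sources. The sample input and the finding labels are constructed for illustration; the `sudo`, `ops` and `staff` lines are not from the thread.

```python
from collections import defaultdict

# Constructed sample input modeled on the thread's `getent group` output.
SAMPLE = """\
adm:x:4:
adm:*:4:uid=ggeldenhuis,ou=People,dc=example,dc=com
sudo:x:27:alice
ops:*:27:bob
staff:*:5000:carol
"""

def parse_group(text):
    """Parse group(5) lines (name:passwd:gid:members) into tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":", 3)
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip blank or malformed lines
        name, _passwd, gid, members = fields
        # The member list is comma-separated, so a DN is split into fragments
        # and none of the fragments matches a real login name.
        entries.append((name, int(gid), [m for m in members.split(",") if m]))
    return entries

def audit(entries):
    """Return sorted (kind, subject, detail) findings."""
    findings = set()
    by_name, by_gid = defaultdict(int), defaultdict(set)
    for name, gid, members in entries:
        by_name[name] += 1
        by_gid[gid].add(name)
        bad = [m for m in members if "=" in m]  # DN fragments, not logins
        if bad:
            findings.add(("dn-in-memberuid", name, ",".join(bad)))
    for name, count in by_name.items():
        if count > 1:
            findings.add(("duplicate-name", name, f"{count} entries"))
    for gid, names in by_gid.items():
        if len(names) > 1:
            findings.add(("shared-gid", str(gid), ",".join(sorted(names))))
    return sorted(findings)

if __name__ == "__main__":
    for kind, subject, detail in audit(parse_group(SAMPLE)):
        print(f"{kind}: {subject} ({detail})")
```

On a real host the input would be the output of `getent group`, which merges every source listed for `group` in `/etc/nsswitch.conf`.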