
Re: What will happen if a user is a member of a group, but has another group as its primary group



> If your applications use getgrouplist(3), then you can't just ignore the
> gidNumber (see the manpage for details) from the passwd database, but you
> could change the gidNumber to match the secondary group if you're not
> concerned about the default gidNumber.
>
> If your applications are PAM aware, then you have more flexibility in how
> your users are authenticated, and may not need to depend on an ldap nss
> configuration and the gidNumber attribute.

One of the use cases in my application is that the OpenLDAP client will be
installed on machines, and for each machine, it will be configured
(with PAM) to only allow a specific LDAP group to log in to it. In this
case, I am not sure if I need to care about the gidNumber attribute or
not, i.e., in my previous example, can user1 log in to the machine
which has been configured to only allow group2 to log in?


Thanks,
Qian