[Date Prev][Date Next] [Chronological] [Thread] [Top]

openldap group issue on centos 5.5 - all users automatically get put into newly created group

To: openldap-technical@openldap.org
Subject: openldap group issue on centos 5.5 - all users automatically get put into newly created group
From: Janet Houser <janet.l.houser@gmail.com>
Date: Sat, 13 Dec 2014 03:21:02 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=XBzYnyn2MhUFRlcrLhC4dliH/YBL9kPgOxoebnj9w+0=; b=cz3iS0E68ZUGifR5jOYHZ6koOtumLEBTXLWIe/4sImJ0kfiWcyIhF62snl4XtNbpCa SgwDUXrqUI442vFlUu9HjzsBAMr1dbgZwdcBP7ld1PeTw8HWLe0Wb7oSobG0MD89SLqQ PzLieipVrI2zL3uojkJyZqxQGWE3mGzmAf3UD4cRTyoysBZpn57PDbfJi5fyTLEDIR1B zRph3xxtlwvcavLvyxwgrOJADPvZEvHKrgTDad7HYCwo7T3mNZdvBQQfnWMhmUm/sP+X +ijvjP7tMLc+US8SxSmh1/xOBhoTjI7l/AF4zod25gJZjxCn4/uniE6UgG1YE34dwPNw L6zA==
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.2.0

Hi,

I created a dit on a Centos 6.5 box that looks something like this:

 ........dc=name,dc=com................................
         |                     |                                 |
         |                     |                                 |
    ou=users      ou=systems...........         ou=policies
    |                         |                   |               |
    |                         |                   |               |
    user1         cn=group1   cn=group2       cn=ppolicy
    user2          |                     |
    user3          |                     |
                       |                     |
                   user1                user2
                   user2                user3

I created my users, and I added sever "linux groups" using the ldif file:


dn: cn=dev,ou=systems,dc=ehs,dc=edu
cn: dev
gidNumber: 4005
objectClass: posixGroup

My goal was to simulate an entry that you'd find in the /etc/group file
on a linux system.  So if I added people to this group using the ldif
file:


dn: cn=dev,ou=systems,dc=ehs,dc=edu
changetype: modify
add: memberuid
memberuid: user1
memberuid: user2

So while user1 and user2 are in the default group "users", I wanted themto beable to change the group on their files to "dev" in order to protecttheir development

files.

Now, this seemed to work, and when I went on my client and did a command"groups user1",

I saw "users" and "dev"

However yesterday I added another group called "team0" with gid 22222using the following ldif

file:

dn: cn=team0,ou=systems,dc=ehs,dc=edu
cn: team0
gidNumber: 22222
objectClass: posixGroup

When I was logged into my client machine (Centos 5.5 box) and did agroups on an olduser, it showed "users", "dev" and now "team0" although I never addedthat user to the new

group.

I cleaned the client cache using the nscd -i invalidate=group command,and then I removedall the cached directories in /var/db/nscd, and rebooted, but that newgroup seems to have been

applied to everyone.

I might have screwed up the creation of my DIT, but I was thinking thatthings were workingok since I could added "unix groups" that are visible with the "getentgroup" command on a client,I could add users into these groups and changed the group of files tolock out some users, but

I don't understand this behavior now.

I have about 6 groups defined and the last one I created yesterday isthe only one that seems to

get applied to all users.

I'd appreciate any help you could give.... I'm scratching my head onthis one.


Thanks.

Follow-Ups:
- Re: openldap group issue on centos 5.5 - all users automatically get put into newly created group
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: DOS/Windows command to query OpenLDAP
Next by Date: Re: openldap group issue on centos 5.5 - all users automatically get put into newly created group
Index(es):
- Chronological
- Thread