
Re: Adding Members to Groups

Aneela Saleem wrote:
> I have used 'posixGroup' objectClass for creating groups, and
> 'posixAccount' object class for creating users, which uses 'gidNumber'
> property to associate to a specific group (created by posixGroup).

No! This is likely a big misunderstanding.

The attribute 'gidNumber' in 'posixAccount' entry solely specifies the
*primary* group of a POSIX user account (like in /etc/passwd).

When using traditional 'posixGroup' entries the multi-valued attribute
'memberUID' contains the usernames of the group members.

> I have to sync LDAP users/groups in Apache Ranger, that uses 'groupOfNames'
> object class and 'member/memberof' property in user object. But in
> 'groupOfNames' objectClass we have to add members at the time of creation
> of group.
> Is there any way that we can add members to already created groups later on?

Yes. With an LDAP modify operation.

Example as LDIF change record:

dn: cn=group 1,dc=example,dc=com
changetype: modify
add: member
member: uid=user1,dc=example,dc=com

Similar for removing group membership etc.

Ciao, Michael.
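
Added example, not part of the original message: a small Python generator for the kind of LDIF change record shown above. It goes beyond the one case in the reply by covering removal, the 'memberUid' attribute of 'posixGroup' entries, and base64 encoding of values that are not LDIF-safe (RFC 2849). The function names and the second and third sample entries are constructed for illustration.

```python
import base64

def ldif_attr(name, value):
    """Return one LDIF line, base64-encoding values that are not SAFE-STRING (RFC 2849)."""
    raw = value.encode("utf-8")
    if not raw:
        raise ValueError("empty value")
    safe = (
        raw[0] not in b" :<"            # must not start with space, colon or '<'
        and not raw.endswith(b" ")      # a trailing space would be lost
        and all(0 < b < 128 and b not in b"\r\n" for b in raw)
    )
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(raw).decode('ascii')}"

def membership_change(group_dn, attr, op, values):
    """Build an LDIF modify record that adds or deletes group membership values.

    attr is 'member' (full DNs, groupOfNames) or 'memberUid' (usernames, posixGroup).
    """
    if op not in ("add", "delete"):
        raise ValueError("op must be 'add' or 'delete'")
    if not values:
        # 'delete: member' without values would remove every member at once.
        raise ValueError("at least one value is required")
    lines = [ldif_attr("dn", group_dn), "changetype: modify", f"{op}: {attr}"]
    lines += [ldif_attr(attr, v) for v in values]
    lines.append("-")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    group = "cn=group 1,dc=example,dc=com"
    # The change record from the message above.
    print(membership_change(group, "member", "add", ["uid=user1,dc=example,dc=com"]))
    # Removing the same membership again.
    print(membership_change(group, "member", "delete", ["uid=user1,dc=example,dc=com"]))
    # Constructed posixGroup entry: members are plain usernames, not DNs.
    print(membership_change("cn=unixgroup1,dc=example,dc=com", "memberUid", "add", ["user1"]))
    # Constructed non-ASCII DN: emitted as 'member:: <base64>'.
    print(membership_change(group, "member", "add", ["uid=jörg,dc=example,dc=com"]))
```

The output can be saved to a file and passed to ldapmodify with -f.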
