[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Mapping gid numbers

At Tue, 23 Jul 2019 18:00:51 +0000 (UTC) JC <lovecraftesque@yahoo.com> wrote:

> My question is not strictly an LDAP one, but perhaps somebody here with
> experience in the LDAP and Linux worlds can throw some light on it.
> I understand how to map attributes, as defined in an LDAP server, to other
> attributes in a Linux when the NSS framework is used in the latter. Is it
> possible to map values of attributes? Let's say I have an OpenLDAP server
> that defines a certain group with a gid number 10000. Would it be possible
> to map that 10000 to (say)�  5000 in the Linux system? That is, every time
> an operation is executed in the Linux system that uses the group
> information, the gid would be retrieved from the OpenLDAP server as 10000,
> and automatically be converted to 5000. Can this be done?

I am not sure I understand the point of this.  The "numbers" are only of 
interest to the machine.  The usual thing is to map some human meaningful 
symbol (eg the accounting department) to some number used by the computers -- 
eg the group accounting would have some number, say 5000.  *Humans* would see 
"accounting" but internally the computers would see 5000 -- the LDAP server or 
the /etc/group file would have a mapping from "accounting" and 5000.  So long 
as each group has some unique (internal) number, why would you need or want to 
map different *numbers* to other *numbers*?  Unless you have two systems using 
*different* numbers for the same logical group.  Then you have a different set 
of problems.  My thought would be to change things so that all of the systems 
agree on the *numbers*, probably by doing a global search and replace 
(probably using some sort of script).


Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller@deepsoft.com       -- Webhosting Services