Old 05-06-2010, 06:05 PM
Jacob Bresciani
 
Default ldap: adding user to multiple groups

are you adding users to local groups in /etc/group or are you creating groups in ldap?


On 2010-05-06, at 11:03 AM, aurfalien@gmail.com wrote:

> Hi all,
>
> Not having much luck adding a user to more than 1 group in OpenLDAP
> that's provided in CentOS.
>
> Any suggestions to have the outcome of having a user belong to
> multiple groups?
>
> Should I create a new group that has multiple GIDs and assign a user
> to that new group? If so, how?
>
> Thanks in advance.
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

 
Old 05-06-2010, 06:32 PM
 
Default ldap: adding user to multiple groups

Sorry for that.
Adding via ldap.
I've tried adding groupOfNames to the users ldif file like so;
objectClass: groupOfNames
...
member: cn=staff,ou=groups,dc=foo,dc=bar
member: cn=pm,ou=groups,dc=foo,dc=bar

Both staff and pm are defined as follows;

# staff, groups, logan.tv
dn: cn=staff,ou=groups,dc=foo,dc=bar
objectClass: top
objectClass: posixGroup
cn: staff
gidNumber: 20
# pm, groups, foo.bar
dn: cn=pm,ou=groups,dc=foo,dc=bar
objectClass: top
objectClass: posixGroup
cn: pm
gidNumber: 200

But every time I try to ldapmodify, I get;
ldapmodify: Object class violation (65)
additional info: invalid structural object class chain (inetOrgPerson/groupOfNames)



On May 6, 2010, at 11:05 AM, Jacob Bresciani wrote:

> are you adding users to local groups in /etc/group or are you creating groups in ldap?
>
> On 2010-05-06, at 11:03 AM, aurfalien@gmail.com wrote:
>
>> Hi all,
>>
>> Not having much luck adding a user to more than 1 group in OpenLDAP
>> that's provided in CentOS.
>>
>> Any suggestions to have the outcome of having a user belong to
>> multiple groups?
>>
>> Should I create a new group that has multiple GIDs and assign a user
>> to that new group? If so, how?
>>
>> Thanks in advance.
 
Old 05-06-2010, 06:35 PM
Paul Heinlein
 
Default ldap: adding user to multiple groups

On Thu, 6 May 2010, aurfalien@gmail.com wrote:

> Hi all,
>
> Not having much luck adding a user to more than 1 group in OpenLDAP
> that's provided in CentOS.
>
> Any suggestions to have the outcome of having a user belong to
> multiple groups?
>
> Should I create a new group that has multiple GIDs and assign a user
> to that new group? If so, how?

Each posixGroup can have multiple memberUid entries. In our
environment, a memberUid is specified by username (not numeric uid); I
suspect that's normal practice, but you might want to get confirmation
from others.

A user's posixAccount record has no backward mapping of group
memberships; it only contains the standard gidNumber entry.

In short:

1. Define the posixGroup DN
2. Add one or more memberUid entries.

--
Paul Heinlein <> heinlein@madboa.com <> http://www.madboa.com/
 
Old 05-06-2010, 06:44 PM
 
Default ldap: adding user to multiple groups

On May 6, 2010, at 11:35 AM, Paul Heinlein wrote:

> On Thu, 6 May 2010, aurfalien@gmail.com wrote:
>
>> Hi all,
>>
>> Not having much luck adding a user to more than 1 group in OpenLDAP
>> that's provided in CentOS.
>>
>> Any suggestions to have the outcome of having a user belong to
>> multiple groups?
>>
>> Should I create a new group that has multiple GIDs and assign a user
>> to that new group? If so, how?
>
> Each posixGroup can have multiple memberUid entries. In our
> environment, a memberUid is specified by username (not numeric uid); I
> suspect that's normal practice, but you might want to get confirmation
> from others.
>
> A user's posixAccount record has no backward mapping of group
> memberships; it only contains the standard gidNumber entry.
>
> In short:
>
> 1. Define the posixGroup DN
> 2. Add one or more memberUid entries.

O, I think I follow.

Say my current group definition in ldap is;

# pm, groups, foo.bar
dn: cn=pm,ou=groups,dc=foo,dc=bar
objectClass: top
objectClass: posixGroup
cn: pm
gidNumber: 200


So would I extend this and add members there instead of in their own
entry? How would it look?
 
Old 05-06-2010, 06:47 PM
Paul Heinlein
 
Default ldap: adding user to multiple groups

On Thu, 6 May 2010, aurfalien@gmail.com wrote:

>> In short:
>>
>> 1. Define the posixGroup DN
>> 2. Add one or more memberUid entries.
>
> O, I think I follow.
>
> Say my current group definition in ldap is;
>
> # pm, groups, foo.bar
> dn: cn=pm,ou=groups,dc=foo,dc=bar
> objectClass: top
> objectClass: posixGroup
> cn: pm
> gidNumber: 200
>
>
> So would I extend this and add members there instead of in their own
> entry? How would it look?

memberUid: bob
memberUid: chad
memberUid: dave

etc...

--
Paul Heinlein <> heinlein@madboa.com <> http://www.madboa.com/
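
Added example, not part of the thread or any poster's code: because a posixAccount carries no backward mapping, a user's groups have to be derived by scanning the posixGroup entries, which is also how stale memberUid names get found during an access review. The LDIF is constructed sample data reusing the thread's staff and pm groups; the ou=people entry for bob and the helper names are assumptions.

```python
# Added example: derive group membership from posixGroup/memberUid entries.
# SAMPLE_LDIF is constructed; ou=people and bob's gidNumber are assumptions,
# and the account entry is trimmed to the attributes used here.
SAMPLE_LDIF = """\
dn: uid=bob,ou=people,dc=foo,dc=bar
objectClass: posixAccount
uid: bob
gidNumber: 20

dn: cn=staff,ou=groups,dc=foo,dc=bar
objectClass: posixGroup
cn: staff
gidNumber: 20

dn: cn=pm,ou=groups,dc=foo,dc=bar
objectClass: posixGroup
cn: pm
gidNumber: 200
memberUid: bob
memberUid: chad
memberUid: dave
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into attr -> [values]."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(": ")
                entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def groups_of(user, entries):
    """Primary group (account gidNumber) plus every group listing the name."""
    groups = [e for e in entries if "posixGroup" in e.get("objectClass", [])]
    accounts = [e for e in entries if "posixAccount" in e.get("objectClass", [])]
    gids = {g for a in accounts if user in a["uid"] for g in a["gidNumber"]}
    return sorted(g["cn"][0] for g in groups
                  if user in g.get("memberUid", []) or g["gidNumber"][0] in gids)

def dangling_members(entries):
    """memberUid names with no matching account entry: review these grants."""
    known = {u for e in entries for u in e.get("uid", [])}
    return sorted({m for e in entries for m in e.get("memberUid", [])} - known)
```

memberUid is matched by login name, so a name reported by dangling_members would pick up that group if an account with the same name were created later.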
 
Old 05-06-2010, 07:00 PM
 
Default ldap: adding user to multiple groups

On May 6, 2010, at 11:47 AM, Paul Heinlein wrote:

> On Thu, 6 May 2010, aurfalien@gmail.com wrote:
>
>>> In short:
>>>
>>> 1. Define the posixGroup DN
>>> 2. Add one or more memberUid entries.
>>
>> So would I extend this and add members there instead of in their own
>> entry? How would it look?
>
> memberUid: bob
> memberUid: chad
> memberUid: dave
>

Wow, how elegant is that?

Very very cool, thanks much for the tips.
 
Old 05-06-2010, 07:00 PM
Arun Khan
 
Default ldap: adding user to multiple groups

On Thu, May 6, 2010 at 11:33 PM, <aurfalien@gmail.com> wrote:
> Not having much luck adding a user to more than 1 group in OpenLDAP
> that's provided in CentOS.
>
> Any suggestions to have the outcome of having a user belong to
> multiple groups?
>
> Should I create a new group that has multiple GIDs and assign a user
> to that new group? If so, how?
>

A different twist from the solutions suggested so far.

Even though you may not require the SMB extensions, the smbldaptools
may be worth looking into. Its toolset is similar to the regular
Linux user management tools, with the backend taking care of
populating the LDAP DIT and you keeping your sanity.

I have deployed a few production LDAP setups on CentOS 5.3, where
users were members of multiple groups.

HTH,
-- Arun Khan