05-06-2010 07:22 PM

ldap: adding user to multiple groups
 
On May 6, 2010, at 12:00 PM, Arun Khan wrote:

> On Thu, May 6, 2010 at 11:33 PM, <aurfalien@gmail.com> wrote:
>> Not having much luck adding a user to more than 1 group in OpenLDAP
>> that's provided in CentOS.
>>
>> Any suggestions to have the outcome of having a user belong to
>> multiple groups?
>>
>> Should I create a new group that has multiple GIDs and assign a user
>> to that new group? If so, how? :)
>>
>
> Even though you may not require the SMB extensions, the smbldaptools
> may be worth looking into. Its toolset is similar to the regular
> Linux user management tools, with the backend taking care of
> populating the LDAP DIT and you keeping your sanity :)

Thanks Arun,

But you assume too much, I have no sanity left to keep :)
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Paul Heinlein 05-06-2010 08:00 PM

ldap: adding user to multiple groups
 
On Fri, 7 May 2010, Arun Khan wrote:

> Even though you may not require the SMB extensions, the smbldaptools
> may be worth looking into. Its toolset is similar to the regular
> Linux user management tools, with the backend taking care of
> populating the LDAP DIT and you keeping your sanity :)

+1

That's what we use. Makes my life much easier...

--
Paul Heinlein <> heinlein@madboa.com <> http://www.madboa.com/

Arun Khan 05-07-2010 05:20 AM

ldap: adding user to multiple groups
 
On Fri, May 7, 2010 at 12:52 AM, <aurfalien@gmail.com> wrote:
> On May 6, 2010, at 12:00 PM, Arun Khan wrote:
>
>>
>>
>> Even though you may not require the SMB extensions, the smbldaptools
>> may be worth looking into. Its toolset is similar to the regular
>> Linux user management tools, with the backend taking care of
>> populating the LDAP DIT and you keeping your sanity :)
>
> Thanks Arun,
>
> But you assume too much, I have no sanity left to keep :)

I know what you mean. I was going nuts with one client (who thought
he knew LDAP just because he had done a prototype setup on a Mac OS X
server) because he was mucking around with the DIT (on the Mac
platform). That is when I switched him to openLDAP and smbldaptools
on Linux and reclaimed my sanity :)

Another tool that I forgot to mention is LDAP Account Manager (lam);
there is an open source as well as a commercial support version. It is
web based; ideal for the CLI phobic admins. You can delegate
authority to non technical staff like HR for disabling users and
groups ...

Luck,
-- Arun Khan

05-08-2010 02:04 PM

ldap: adding user to multiple groups
 
On May 6, 2010, at 10:20 PM, Arun Khan wrote:

> On Fri, May 7, 2010 at 12:52 AM, <aurfalien@gmail.com> wrote:
>> On May 6, 2010, at 12:00 PM, Arun Khan wrote:
>>
>>>
>>>
>>> Even though you may not require the SMB extensions, the smbldaptools
>>> may be worth looking into. Its toolset is similar to the regular
>>> Linux user management tools, with the backend taking care of
>>> populating the LDAP DIT and you keeping your sanity :)
>>
>> Thanks Arun,
>>
>> But you assume too much, I have no sanity left to keep :)
>
> Another tool that I forgot to mention is LDAP Account Manager (lam);

I tried that a while back, together with webmin and that php thing.

I was kinda hoping to use webmin for everything; DNS, DHCP, LDAP so
that a jr sys admin could manage our intranet based services. But
with LDAP, webmin doesn't seem to like adding users to groups and
errors out.

So I just hand edit an ldif for now and ldapmodify.

I'll revisit the webmin error regarding adding users to groups and see
what's going on.

Thanks for all the good tips.

Craig White 05-08-2010 04:37 PM

ldap: adding user to multiple groups
 
On Sat, 2010-05-08 at 07:04 -0700, aurfalien@gmail.com wrote:
> On May 6, 2010, at 10:20 PM, Arun Khan wrote:
>
> > On Fri, May 7, 2010 at 12:52 AM, <aurfalien@gmail.com> wrote:
> >> On May 6, 2010, at 12:00 PM, Arun Khan wrote:
> >>
> >>>
> >>>
> >>> Even though you may not require the SMB extensions, the smbldaptools
> >>> may be worth looking into. Its toolset is similar to the regular
> >>> Linux user management tools, with the backend taking care of
> >>> populating the LDAP DIT and you keeping your sanity :)
> >>
> >> Thanks Arun,
> >>
> >> But you assume too much, I have no sanity left to keep :)
> >
> > Another tool that I forgot to mention is LDAP Account Manager (lam);
>
> I tried that a while back, together with webmin and that php thing.
>
> I was kinda hoping to use webmin for everything; DNS, DHCP, LDAP so
> that a jr sys admin could manage our intranet based services. But
> with LDAP, webmin doesn't seem to like adding users to groups and
> errors out.
>
> So I just hand edit an ldif for now and ldapmodify.
>
> I'll revisit the webmin error regarding adding users to groups and see
> what's going on.
----
I use webmin's LDAP Users and Groups to administer both users and groups
- it works fine if configured properly.

Craig



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


05-08-2010 04:43 PM

ldap: adding user to multiple groups
 
On May 8, 2010, at 9:37 AM, Craig White wrote:

>> I tried that a while back, together with webmin and that php thing.
>>
>> I was kinda hoping to use webmin for everything; DNS, DHCP, LDAP so
>> that a jr sys admin could manage our intranet based services. But
>> with LDAP, webmin doesn't seem to like adding users to groups and
>> errors out.
>>
>> So I just hand edit an ldif for now and ldapmodify.
>>
>> I'll revisit the webmin error regarding adding users to groups and see
>> what's going on.
> ----
> I use webmin's LDAP Users and Groups to administer both users and groups
> - it works fine if configured properly.


Perfect!

You mind sharing some nuggets?

First, my issue;

Using webmin, I can add users and also add them to groups and
secondary group during initial creation of that user.

However if I then try to add an already created user to a secondary
group, webmin fails with;

Failed to save group : Failed to modify group in LDAP database :
modify/delete: description: no such attribute

I can do this using ldapmodify with an ldif file, just not via webmin.

I can add, remove users via webmin, I just can't add them to secondary
groups after I've created them.

I can only add them to secondary groups during initial creation of
that user.

Any help would be very very cool.

Thanks in advance Craig.
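
The hand-edited LDIF plus ldapmodify route mentioned in the post above, as an added example that is not part of the original thread. It assumes RFC 2307 posixGroup entries that list members in memberUid; the base DN, the user `jdoe` and the group names are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit LDIF change records for ldapmodify.
# Assumptions (not from the thread): posixGroup entries keep their members in
# memberUid and live under this placeholder base DN.
GROUP_BASE="ou=Groups,dc=example,dc=com"

# Accept only plain account/group names, so a crafted value cannot smuggle
# extra LDIF lines or extra DN components into the change records.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# usage: add_member_ldif USER GROUP [GROUP ...]
# Emits one "add: memberUid" record per group; prints nothing if any name is bad.
add_member_ldif() {
    [ "$#" -ge 2 ] || { echo "usage: add_member_ldif USER GROUP..." >&2; return 1; }
    user=$1; shift
    for n in "$user" "$@"; do
        valid_name "$n" || { echo "rejected name" >&2; return 1; }
    done
    for g in "$@"; do
        printf 'dn: cn=%s,%s\nchangetype: modify\nadd: memberUid\nmemberUid: %s\n\n' \
            "$g" "$GROUP_BASE" "$user"
    done
}

# usage: set_description_ldif GROUP TEXT
# "replace:" creates the attribute when it is missing, whereas the "delete"
# named in the webmin error is rejected by the server when there is nothing
# to delete. TEXT is limited to one plain token to keep validation simple.
set_description_ldif() {
    valid_name "$1" && valid_name "$2" || { echo "rejected value" >&2; return 1; }
    printf 'dn: cn=%s,%s\nchangetype: modify\nreplace: description\ndescription: %s\n\n' \
        "$1" "$GROUP_BASE" "$2"
}

# Constructed sample: put the existing user "jdoe" into two secondary groups.
# Review the output, save it, then apply it with something like:
#   ldapmodify -x -ZZ -D <admin bind DN> -W -f changes.ldif
add_member_ldif jdoe staff render
```

If the user is already listed in one of the groups, the server rejects that record because the value already exists.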

Craig White 05-08-2010 05:13 PM

ldap: adding user to multiple groups
 
On Sat, 2010-05-08 at 09:43 -0700, aurfalien@gmail.com wrote:
> On May 8, 2010, at 9:37 AM, Craig White wrote:
>
> >> I tried that a while back, together with webmin and that php thing.
> >>
> >> I was kinda hoping to use webmin for everything; DNS, DHCP, LDAP so
> >> that a jr sys admin could manage our intranet based services. But
> >> with LDAP, webmin doesn't seem to like adding users to groups and
> >> errors out.
> >>
> >> So I just hand edit an ldif for now and ldapmodify.
> >>
> >> I'll revisit the webmin error regarding adding users to groups and see
> >> what's going on.
> > ----
> > I use webmin's LDAP Users and Groups to administer both users and groups
> > - it works fine if configured properly.
>
>
> Perfect!
>
> You mind sharing some nuggets?
>
> First, my issue;
>
> Using webmin, I can add users and also add them to groups and
> secondary group during initial creation of that user.
>
> However if I then try to add an already created user to a secondary
> group, webmin fails with;
>
> Failed to save group : Failed to modify group in LDAP database :
> modify/delete: description: no such attribute
>
> I can do this using ldapmodify with an ldif file, just not via webmin.
>
> I can add, remove users via webmin, I just can't add them to secondary
> groups after I've created them.
>
> I can only add them to secondary groups during initial creation of
> that user.
>
> Any help would be very very cool.
>
> Thanks in advance Craig.
----
I only recently discovered that myself - and I noticed that only
occurred when the group is not a samba group (i.e. no sambaGroupMapping
ou) but I almost suspect that it's because I am not using 'objectclass
top' for these entries but I never really investigated further. The only
differences between the ones that I can edit and the ones I can't edit
are the objectclass 'sambaGroupMapping' and 'top'

Craig




Craig White 05-08-2010 05:28 PM

ldap: adding user to multiple groups
 
On Sat, 2010-05-08 at 10:13 -0700, Craig White wrote:
> On Sat, 2010-05-08 at 09:43 -0700, aurfalien@gmail.com wrote:
> > On May 8, 2010, at 9:37 AM, Craig White wrote:
> >
> > >> I tried that a while back, together with webmin and that php thing.
> > >>
> > >> I was kinda hoping to use webmin for everything; DNS, DHCP, LDAP so
> > >> that a jr sys admin could manage our intranet based services. But
> > >> with LDAP, webmin doesn't seem to like adding users to groups and
> > >> errors out.
> > >>
> > >> So I just hand edit an ldif for now and ldapmodify.
> > >>
> > >> I'll revisit the webmin error regarding adding users to groups and see
> > >> what's going on.
> > > ----
> > > I use webmin's LDAP Users and Groups to administer both users and groups
> > > - it works fine if configured properly.
> >
> >
> > Perfect!
> >
> > You mind sharing some nuggets?
> >
> > First, my issue;
> >
> > Using webmin, I can add users and also add them to groups and
> > secondary group during initial creation of that user.
> >
> > However if I then try to add an already created user to a secondary
> > group, webmin fails with;
> >
> > Failed to save group : Failed to modify group in LDAP database :
> > modify/delete: description: no such attribute
> >
> > I can do this using ldapmodify with an ldif file, just not via webmin.
> >
> > I can add, remove users via webmin, I just can't add them to secondary
> > groups after I've created them.
> >
> > I can only add them to secondary groups during initial creation of
> > that user.
> >
> > Any help would be very very cool.
> >
> > Thanks in advance Craig.
> ----
> I only recently discovered that myself - and I noticed that only
> occurred when the group is not a samba group (i.e. no sambaGroupMapping
> ou) but I almost suspect that it's because I am not using 'objectclass
> top' for these entries but I never really investigated further. The only
> differences between the ones that I can edit and the ones I can't edit
> are the objectclass 'sambaGroupMapping' and 'top'
----
No - I just checked and the same thing still exists even if I add the
'top' objectclass to a 'non-samba' group but if it's a samba group, I
have no problem adding/removing members using webmin. It would seem to
be a problem with the webmin module.

Just for kicks, I've been playing with it and it seems to be working now
(now that I've turned logging on so I could report to Jamie).

I did notice that it seems to help to put something (anything) in the
description field.

Craig



05-08-2010 05:38 PM

ldap: adding user to multiple groups
 
On May 8, 2010, at 10:28 AM, Craig White wrote:

> On Sat, 2010-05-08 at 10:13 -0700, Craig White wrote:
>> On Sat, 2010-05-08 at 09:43 -0700, aurfalien@gmail.com wrote:
>>> On May 8, 2010, at 9:37 AM, Craig White wrote:
>>>
>>>>> I tried that a while back, together with webmin and that php thing.
>>>>>
>>>>> I was kinda hoping to use webmin for everything; DNS, DHCP, LDAP so
>>>>> that a jr sys admin could manage our intranet based services. But
>>>>> with LDAP, webmin doesn't seem to like adding users to groups and
>>>>> errors out.
>>>>>
>>>>> So I just hand edit an ldif for now and ldapmodify.
>>>>>
>>>>> I'll revisit the webmin error regarding adding users to groups and see
>>>>> what's going on.
>>>> ----
>>>> I use webmin's LDAP Users and Groups to administer both users and groups
>>>> - it works fine if configured properly.
>>>
>>>
>>> Perfect!
>>>
>>> You mind sharing some nuggets?
>>>
>>> First, my issue;
>>>
>>> Using webmin, I can add users and also add them to groups and
>>> secondary group during initial creation of that user.
>>>
>>> However if I then try to add an already created user to a secondary
>>> group, webmin fails with;
>>>
>>> Failed to save group : Failed to modify group in LDAP database :
>>> modify/delete: description: no such attribute
>>>
>>> I can do this using ldapmodify with an ldif file, just not via webmin.
>>>
>>> I can add, remove users via webmin, I just can't add them to secondary
>>> groups after I've created them.
>>>
>>> I can only add them to secondary groups during initial creation of
>>> that user.
>>>
>>> Any help would be very very cool.
>>>
>>> Thanks in advance Craig.
>> ----
>> I only recently discovered that myself - and I noticed that only
>> occurred when the group is not a samba group (i.e. no sambaGroupMapping
>> ou) but I almost suspect that it's because I am not using 'objectclass
>> top' for these entries but I never really investigated further. The only
>> differences between the ones that I can edit and the ones I can't edit
>> are the objectclass 'sambaGroupMapping' and 'top'
> ----
> No - I just checked and the same thing still exists even if I add the
> 'top' objectclass to a 'non-samba' group but if it's a samba group, I
> have no problem adding/removing members using webmin. It would seem to
> be a problem with the webmin module.
>
> Just for kicks, I've been playing with it and it seems to be working now
> (now that I've turned logging on so I could report to Jamie).
>
> I did notice that it seems to help to put something (anything) in the
> description field.

Wow, thanks for the r&d Craig!

sambaGroupMapping aye?

I don't use samba and have my Windows clients auth against ldap via
pGina which is an ldap client for Windows.

However even if I don't use samba for client auth, is there a way to
add it in my config just so I can mod group members?


