> From: "Norm Dressler" <ndressler@dinmar.com>
> Date: Thu, 5 Jul 2001 15:08:35 -0400
>
> Not sure if this is the right place for the question, but I'm certain
> someone out there must be using it.
>
> I have set up my ldap server, and it's working fine. I can log into my
> RedHat 7.0 linux box using an LDAP account with no problems.
>
> I have tried to establish groups in my LDAP directory as well. I am using a
> tool called directory_administrator and it's working great. It creates the
> following in my ldap:
> dn: cn=mygroup,dc=dinmar,dc=com
> objectclass: top
> objectclass: posixGroup
> cn: mygroup
> gidnumber: 2005
> uniquemember: uid=ndressler, dc=dinmar,dc=com
>
> The problem is, my Linux box doesn't seem to recognize these groups. I've
> implemented the PAM modules from padl.com as per their instructions
> (although they are using a version 2 of ldap, while I'm using version 1.2.12
> (because I need samba support in there as well)).
>
> I created a directory called /groups/mygroup. I chowned it to chown -R
> :2005 mygroup, and chmod -R 770 mygroup. When I log in as ndressler, it
> gives me an access denied to the directory.
>
> I'm not sure where to begin looking - any hints?

If you look at the definition of a posixGroup:

objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top STRUCTURAL
        DESC 'Abstraction of a group of accounts'
        MUST ( cn $ gidNumber )
        MAY ( userPassword $ memberUid $ description ) )

you won't find a uniqueMember attribute, instead you'll find a memberUid
group. memberUid contains member names, so you instead want something like
this:

dn: cn=mygroup,dc=dinmar,dc=com
objectclass: top
objectclass: posixGroup
cn: mygroup
gidnumber: 2005
memberuid: ndressler

seems that directory_administrator has a non-standard idea of what a group is.

Chris

--
Chris Garrigues                 http://www.DeepEddy.Com/~cwg/
virCIO                          http://www.virCIO.Com
4314 Avenue C
Austin, TX  78751-3709          +1 512 374 0500

  My email address is an experiment in SPAM elimination. For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html

    Nobody ever got fired for buying Microsoft,
      but they could get fired for relying on Microsoft.
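The schema check described in the reply, as an added example that is not part of the original thread: it scans LDIF for posixGroup entries carrying attributes outside the quoted MUST/MAY list and proposes a memberUid value taken from the uid RDN. The function names (parse_ldif, uid_from_dn, audit_posix_groups) are hypothetical, and the sample entry is the one from the question.

```python
# Added example; function names are hypothetical. Set below = MUST + MAY of the quoted schema.
POSIXGROUP_ALLOWED = set("objectclass cn gidnumber userpassword memberuid description".split())
# The group entry from the question, embedded so the example runs offline.
SAMPLE_LDIF = """\
dn: cn=mygroup,dc=dinmar,dc=com
objectclass: top
objectclass: posixGroup
cn: mygroup
gidnumber: 2005
uniquemember: uid=ndressler, dc=dinmar,dc=com
"""

def parse_ldif(text):
    """Parse plain LDIF into {attr: [values]} dicts (folded lines handled, base64 '::' not)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of the previous line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def uid_from_dn(value):
    # Return the uid when the first RDN is uid=..., otherwise None.
    key, _, val = value.split(",", 1)[0].partition("=")
    return val.strip() if key.strip().lower() == "uid" else None

def audit_posix_groups(entries):
    """For pure posixGroup entries (other classes may allow more attributes),
    list (dn, attr, value, suggested memberUid) for attributes outside the schema."""
    findings = []
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixgroup" not in classes or classes - {"top", "posixgroup"}:
            continue
        for attr, values in e.items():
            if attr != "dn" and attr not in POSIXGROUP_ALLOWED:
                findings += [(e["dn"][0], attr, v, uid_from_dn(v)) for v in values]
    return findings

if __name__ == "__main__":
    print(audit_posix_groups(parse_ldif(SAMPLE_LDIF)))
```

Run against the entry from the question, it reports the uniquemember line and suggests ndressler as the memberUid; the corrected entry from the reply produces no findings.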