Re: Assigning Groups to LDAP users

[Liam Gretton <liam.gretton@leicester.ac.uk>]

On 10/08/2011 09:11, pradyumna dash wrote:

> Assume we have 2 servers "Server1" and "Server2" and 2 groups "Admin" and
> "ITTech", What is needed is like say when a user "bob" logging
> in to "Server1" he will get the group "Admin", but when he logs in to "Server2"
> he will get group "ITTech".  Also it may vary for different users
> like when "Kris" logs in to Server1 he may get a group called "ITTech" and when
> he logs in to "Server2"  he will get some other group say "Security".

I tried this ages ago with a mapping for nss_ldap along these lines:

nss_map_attribute gidNumber gidNumberServer1

gidNumberServer1 being a custom attribute holding the primary GID to be 
used for Server1.

Unfortunately nss_ldap didn't like this, and the groups couldn't be 
looked up with 'getent group'.

See the discussion at 
<http://old.nabble.com/nss_map_attribute-gidNumber-problem-td27545035.html> 
- there was a possible solution suggested which is in a draft RFC, but 
the link to it no longer works.

--
Liam Gretton                                    liam.gretton@le.ac.uk
HPC Architect                                 http://www.le.ac.uk/its
IT Services                                   Tel: +44 (0)116 2522254
University of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom