[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Assigning Groups to LDAP users
On 10/08/2011 09:11, pradyumna dash wrote:
Assume we have 2 servers "Server1" and "Server2" and 2 groups "Admin" and
"ITTech", What is needed is like say when a user "bob" logging
in to "Server1" he will get the group "Admin", but when he logs in to "Server2"
he will get group "ITTech". Also it may vary for different users
like when "Kris" logs in to Server1 he may get a group called "ITTech" and when
he logs in to "Server2" he will get some other group say "Security".
I tried this ages ago with a mapping for nss_ldap along these lines:
nss_map_attribute gidNumber gidNumberServer1
gidNumberServer1 being a custom attribute holding the primary GID to be
used for Server1.
Unfortunately nss_ldap didn't like this, and the groups couldn't be
looked up with 'getent group'.
See the discussion at
<http://old.nabble.com/nss_map_attribute-gidNumber-problem-td27545035.html>
- there was a possible solution suggested which is in a draft RFC, but
the link to it no longer works.
--
Liam Gretton liam.gretton@le.ac.uk
HPC Architect http://www.le.ac.uk/its
IT Services Tel: +44 (0)116 2522254
University of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom