Re: Assigning Groups to LDAP users
- To: openldap-technical@openldap.org
- Subject: Re: Assigning Groups to LDAP users
- From: Christopher Wood <christopher_wood@pobox.com>
- Date: Fri, 12 Aug 2011 12:22:36 -0400
- In-reply-to: <CA+LU3B4xWT=GR7fbdX-xBePiBuOVNYLmswyTxdM+Z0beHUFMYw@mail.gmail.com>
- References: <CA+LU3B4xWT=GR7fbdX-xBePiBuOVNYLmswyTxdM+Z0beHUFMYw@mail.gmail.com>
- User-agent: Mutt/1.5.20 (2009-06-14)

Below sounds like your servers are configured inconsistently. Why wouldn't
you have user "bob" be in the same group on every server? That would
avoid this whole question.

In your position I would get some sensible, deployment-wide standard
going and then create my sudoers and ldap directory based on that standard.

On Wed, Aug 10, 2011 at 10:11:17AM +0200, pradyumna dash wrote:
> Guys,
>
> I have a query, let's take a scenario:
>
> Assume we have 2 servers "Server1" and "Server2" and 2 groups "Admin" and
> "ITTech". What is needed is, say, when a user "bob" logs
> in to "Server1" he will get the group "Admin", but when he logs in to
> "Server2" he will get group "ITTech". Also it may vary for different
> users, like when "Kris" logs in to Server1 he may get a group called "ITTech" and
> when he logs in to "Server2" he will get some other group, say "Security".
> Can it be possible by OpenLDAP? If this is achieved then we are planning
> to have SUDO files based on the groups.
>
> It would be great if you can provide me some pointers or how-to.
>
> Regards,
> Neo