[Date Prev][Date Next] [Chronological] [Thread] [Top]

What will happen if a user is a member of a group, but has another group as its primary group



Hi,

In my OpenLDAP server, it is possible to set a user as a member of a
group, but it has another group as its primary group (I am using "LDAP
Admin" as LDAP client tool). For example, in group1, I can see user1
as its "memberUid" attribute, but the "gidNumber" attribute of user1
is group2.

I'd like to know if this is a reasonable configuration, and in this
case, should I consider user1 as the member of group2 too? For
example, if I configure a machine to only allow gruop2 to login, can
user1 log into that machine?

BTW, I do not know how to configure PAM to only allow a group or some
groups to login the machine, if anyone can tell me the steps, it will
be really appreciated!


Thanks,
Qian