What will happen if a user is a member of a group, but has another group as its primary group
- To: openldap-technical@openldap.org
- Subject: What will happen if a user is a member of a group, but has another group as its primary group
- From: Qian Zhang <zhq527725@gmail.com>
- Date: Wed, 1 Aug 2012 22:21:07 +0800
Hi,
In my OpenLDAP server, it is possible to set a user as a member of a
group, but it has another group as its primary group (I am using "LDAP
Admin" as LDAP client tool). For example, in group1, I can see user1
as its "memberUid" attribute, but the "gidNumber" attribute of user1
is group2.
I'd like to know if this is a reasonable configuration, and in this
case, should I consider user1 as the member of group2 too? For
example, if I configure a machine to only allow group2 to log in, can
user1 log into that machine?
BTW, I do not know how to configure PAM to only allow a group or some
groups to log in to the machine. If anyone can tell me the steps, it will
be really appreciated!
Thanks,
Qian