Re: how to manage groups in different machines using LDAP



Hi Sid,

Sorry for the delay, and thanks for the information.
I'll manage to create groups through LDAP and make sure nsswitch is reading groups only from LDAP; let me know if that's not the right approach.

Thanks,
Daniel






On Fri, Feb 7, 2014 at 6:08 PM, Choure, Sidd <schoure@apartments.com> wrote:
Are you creating the groups in LDAP as well? It seems that you aren’t. Just get rid of local groups and create the group in LDAP with the same GID. This way the GID will be consistent across machines.


Siddharth Choure
Senior Systems Engineer

Apartments.com | Apartment Home Living
175 W Jackson Blvd | Suite 800 | Chicago, IL 60604
P: (312) 508-6551 | C: (312) 288-1591
schoure@apartments.com | www.apartments.com | www.ApartmentHomeLiving.com

The First Name in Apartment Search


From: Daniel Szortyka <daniel.szortyka@ibopedtm.com>
Date: Fri, 7 Feb 2014 17:47:11 -0200
To: <openldap-technical@openldap.org>
Subject: how to manage groups in different machines using LDAP

Hey guys,

I'm new in the forum and new in the LDAP world.
I have my environment set up and working fine so far.

I have an LDAP server and a few other stations which authenticate in my server, OK so far.

However, I have applications running exclusively with a special group, let's say "SAS" and that's my problem.

Group SAS in MachineA is GID = 501 (/etc/groups)
Group SAS in MachineB is GID = 502 (/etc/groups)
(this was defined some time ago.. every computer has a different GID for Group SAS)

UserA was created with GID = 501 in LDAP.

The problem is that when UserA authenticates in MachineB, he doesn't have a group assigned.


I would like to know which direction I should go to make sure no matter what computer the user authenticates, he'll get the right group assigned.


Tks in advance.

-Daniel Szortyka
Porto Alegre / RS / Brasil
SysAdm at IBOPE




This message is exclusively destined for the people to whom it is directed, and it can bear private and/or legally exceptional information. If you are not addressee of this message, since now you are advised to not release, copy, distribute, check or, otherwise, use the information contained in this message, because it is illegal. If you received this message by mistake, we ask you to return this email, making possible, as soon as possible, the elimination of its contents of your database, registrations or controls system.




--
Regards,

Daniel Szortyka :: Infrastructure
daniel.szortyka@ibopedtm.com
  5133823316
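
An added example, not part of the thread or of OpenLDAP: a shell check that compares a host's local groups with the groups served from LDAP and reports the kind of disagreement described above (SAS is GID 502 locally on MachineB but 501 in LDAP). The function names, the extra groups (dev, reports, finance) and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one host for local groups that disagree with LDAP.
# Both inputs use group(5) format (name:passwd:gid:members). On a real host
# they could come from `getent -s files group` and `getent -s ldap group`
# (assumption: the NSS service is named "ldap"; under SSSD it is "sss").

# audit_groups LOCAL_FILE LDAP_FILE prints one finding per line:
#   MISMATCH name local_gid ldap_gid   same name, different GID
#   SHADOW   name gid                  local copy of a group LDAP already serves
#   GIDCLASH gid local_name ldap_name  same GID, different group name
audit_groups() {
    awk -F: '
        NR == FNR {                       # first file: groups served by LDAP
            if (NF >= 3) { ldap_gid[$1] = $3; ldap_name[$3] = $1 }
            next
        }
        NF < 3 { next }                   # skip blank or malformed lines
        ($1 in ldap_gid) && ldap_gid[$1] != $3 {
            print "MISMATCH", $1, $3, ldap_gid[$1]; next
        }
        ($1 in ldap_gid) { print "SHADOW", $1, $3; next }
        ($3 in ldap_name) { print "GIDCLASH", $3, $1, ldap_name[$3] }
    ' "$2" "$1" | LC_ALL=C sort
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample: local groups on MachineB.
    cat > "$dir/local" <<'EOF'
root:x:0:
SAS:x:502:
dev:x:700:
reports:x:600:
EOF
    # Constructed sample: groups defined in LDAP.
    cat > "$dir/ldap" <<'EOF'
SAS:*:501:UserA
dev:*:700:
finance:*:600:
EOF
    audit_groups "$dir/local" "$dir/ldap"
    rm -rf "$dir"
}

demo
```

A MISMATCH or GIDCLASH finding matters beyond login: files on that host carry the local numeric GID, so group ownership has to be reviewed when the local entry is removed.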

