On May 6, 2010, at 11:35 AM, Paul Heinlein wrote:
On Thu, 6 May 2010, aurfalien@gmail.com wrote:
Hi all,
Not having much luck adding a user to more than 1 group in OpenLDAP that's provided in CentOS.
Any suggestions to have the outcome of having a user belong to multiple groups?
Should I create a new group that has multiple GIDs and assign a user to that new group? If so, how? :)
Each posixGroup can have multiple memberUid entries. In our environment, a memberUid is specified by username (not numeric uid); I suspect that's normal practice, but you might want to get confirmation from others.
A user's posixAccount record has no backward mapping of group memberships; it only contains the standard gidNumber entry.
In short:
- Define the posixGroup DN
- Add one or more memberUid entries.
Oh, I think I follow.
Say my current group definition in LDAP is:
# pm, groups, foo.bar
dn: cn=pm,ou=groups,dc=foo,dc=bar
objectClass: top
objectClass: posixGroup
cn: pm
gidNumber: 200
So would I extend this and add members there instead of in their own entry? How would it look?
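The layout described in the reply above, as an added example that is not part of the original thread: the `pm` entry extended with memberUid values, plus a small resolver showing that group membership is read from the group entries rather than from the account. The `render` group, the users `alice` and `bob`, and the `ou=people` branch are constructed for illustration, and the entries are trimmed to the attributes the code uses.

```python
# Constructed sample directory: "pm" is the group from the thread with
# memberUid values added; "render", "alice" and "bob" are made-up names.
SAMPLE_LDIF = """\
dn: cn=pm,ou=groups,dc=foo,dc=bar
objectClass: top
objectClass: posixGroup
cn: pm
gidNumber: 200
memberUid: alice
memberUid: bob

dn: cn=render,ou=groups,dc=foo,dc=bar
objectClass: posixGroup
cn: render
gidNumber: 201
memberUid: alice

dn: uid=alice,ou=people,dc=foo,dc=bar
objectClass: posixAccount
uid: alice
gidNumber: 200
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def groups_for(username, entries):
    """Return (primary gidNumber, sorted names of groups listing the user)."""
    account = next(e for e in entries
                   if "posixAccount" in e.get("objectClass", [])
                   and username in e.get("uid", []))
    # The account carries only its primary gidNumber; every other
    # membership is found by scanning posixGroup memberUid values.
    listed = sorted(e["cn"][0] for e in entries
                    if "posixGroup" in e.get("objectClass", [])
                    and username in e.get("memberUid", []))
    return int(account["gidNumber"][0]), listed
```

Calling `groups_for("alice", parse_ldif(SAMPLE_LDIF))` returns the primary GID from the account and both group names from the memberUid lines.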