[CentOS] ldap: adding user to multiple groups

Thu May 6 18:35:59 UTC 2010
Paul Heinlein <heinlein at madboa.com>

On Thu, 6 May 2010, aurfalien at gmail.com wrote:

> Hi all,
> Not having much luck adding a user to more then 1 group in OpenLDAP 
> thats provided in Centos.
> Any suggestions to have the outcome of having a user belong to 
> multiple groups?
> Should I create a new group that has multiple GIDs and assign a user 
> to that new group?  If so, how? :)

Each posixGroup can have multiple memberUid entries. In our 
environment, a memberUid is specified by username (not numeric uid); I 
suspect that's normal practice, but you might want to get confirmation 
from others.

A user's posixAccount record has no backward mapping of group 
memberships; it only contains the standard gidNumber entry.

In short:

  1. Define the posixGroup DN
  2. Add one or more memberUid entries.

Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/