On May 6, 2010, at 11:35 AM, Paul Heinlein wrote:

> On Thu, 6 May 2010, aurfalien at gmail.com wrote:
>
>> Hi all,
>>
>> Not having much luck adding a user to more than 1 group in OpenLDAP
>> that's provided in CentOS.
>>
>> Any suggestions to have the outcome of having a user belong to
>> multiple groups?
>>
>> Should I create a new group that has multiple GIDs and assign a user
>> to that new group? If so, how? :)
>
> Each posixGroup can have multiple memberUid entries. In our
> environment, a memberUid is specified by username (not numeric uid); I
> suspect that's normal practice, but you might want to get confirmation
> from others.
>
> A user's posixAccount record has no backward mapping of group
> memberships; it only contains the standard gidNumber entry.
>
> In short:
>
> 1. Define the posixGroup DN
> 2. Add one or more memberUid entries.

Oh, I think I follow.

Say my current group definition in ldap is;

# pm, groups, foo.bar
dn: cn=pm,ou=groups,dc=foo,dc=bar
objectClass: top
objectClass: posixGroup
cn: pm
gidNumber: 200

So would I extend this and add members there instead of in their own entry?

How would it look?
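
The two steps described in the quoted reply, written as an LDIF change record against the group entry shown above. This is an added example, not part of the original thread; the usernames alice and bob are hypothetical placeholders for existing posixAccount uid values.

```ldif
# Constructed example: alice and bob are hypothetical usernames.
# Adds supplementary members to the existing posixGroup entry.
# The users' own posixAccount entries are not touched; each keeps
# its single gidNumber (the primary group).
dn: cn=pm,ou=groups,dc=foo,dc=bar
changetype: modify
add: memberUid
memberUid: alice
memberUid: bob
# After the change the entry still has cn: pm and gidNumber: 200,
# plus one memberUid attribute value per member listed above.
```

A change record like this is applied with ldapmodify (for example `ldapmodify -x -D <bind DN> -W -f <file>`). Because membership lives only on the group entry, reviewing who holds access to a group means reading that group's memberUid values, not the user records.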