On 03/14/13 12:52 +0000, Gerhardus Geldenhuis wrote:
Hi,
Admittedly this is slightly OT, but I was hoping someone could point me in the right direction.
I want to be able to grant LDAP users group membership to local groups on an Ubuntu box. For example the adm group.
How would I go about doing this?
As a very quick test I created an adm group in ldap but it is not having the desired effect. Output from getent group | grep adm
adm:x:4:
adm:*:4:uid=ggeldenhuis,ou=People,dc=example,dc=com
The first adm group is the local file group and the second my ldap group.
Am I going about this in the wrong way... ?
You apparently have this in your ldap tree:
memberUid: uid=ggeldenhuis,ou=People,dc=example,dc=com
for your adm group. Instead, that should be:
memberUid: ggeldenhuis
Regardless, your group names and guids *should* be unique to the system.
You could remove the entry that's located in /etc/group or, instead of creating an ldap adm group, you could specify a gidNumber of 4 for uid=ggeldenhuis, which will place the user in the group - 'groups ggeldenhuis' should then report the user as a member of adm.
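
A check for the two problems identified in the reply above (a DN stored in memberUid, and a group defined both in /etc/group and in LDAP), as an added example that is not part of the original thread. It audits text in `getent group` format; the function names and the `sudo` sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two adm lines quoted in the thread plus one
# healthy group (made up) for contrast.
SAMPLE = """\
adm:x:4:
adm:*:4:uid=ggeldenhuis,ou=People,dc=example,dc=com
sudo:x:27:alice
"""

# Pulls the login name out of a DN that was stored where a bare name belongs.
UID_RDN = re.compile(r"(?:^|,)\s*uid=([^,]+)", re.IGNORECASE)


def parse_group_line(line):
    """Split one group(5) line into (name, gid, member_field)."""
    name, _passwd, gid, member_field = line.split(":", 3)
    return name, int(gid), member_field


def audit(getent_output):
    """Return findings for DN-style members and duplicate group names."""
    findings = []
    seen = defaultdict(list)  # group name -> gid of every definition seen
    for line in getent_output.splitlines():
        if line.count(":") < 3:
            continue  # blank or malformed line
        name, gid, member_field = parse_group_line(line)
        seen[name].append(gid)
        # The member list is comma separated, so a DN shows up as several
        # tokens; an '=' in any token means memberUid holds a DN and no
        # real login name will match it.
        if any("=" in tok for tok in member_field.split(",")):
            findings.append(("dn-style-member", name, UID_RDN.findall(member_field)))
    for name, gids in seen.items():
        if len(gids) > 1:
            # Same name served by more than one NSS source (files and LDAP).
            findings.append(("duplicate-group", name, gids))
    return findings


if __name__ == "__main__":
    for kind, group, detail in audit(SAMPLE):
        print(f"{kind}: group={group} detail={detail}")
```

On a live host, pass it the output of `getent group` instead of `SAMPLE`; the names listed under `dn-style-member` are the bare values memberUid should contain.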