In my OpenLDAP server, it is possible to set a user as a member of one group while the user has another group as its primary group (I am using "LDAP Admin" as the LDAP client tool). For example, in group1, I can see user1 as its "memberUid" attribute, but the "gidNumber" attribute of user1 is group2.
I'd like to know if this is a reasonable configuration, and in this case, should I consider user1 a member of group2 too? For example, if I configure a machine to only allow group2 to log in, can user1 log into that machine?
BTW, I do not know how to configure PAM to only allow a group or some groups to log in to the machine. If anyone can tell me the steps, it would be really appreciated!