Hi Daniel, Yes that is the right approach.
Siddharth Choure Senior Systems Engineer
Apartments.com | Apartment Home Living 175 W Jackson Blvd | Suite 800 | Chicago, IL 60604 P: (312) 508-6551 | C: (312) 288-1591 schoure@apartments.com | www.apartments.com | www.ApartmentHomeLiving.com
The First Name in Apartment Search
From: Daniel Szortyka <daniel.szortyka@ibopedtm.com>
Date: Tue, 11 Feb 2014 08:00:42 -0300
To: Siddharth Choure <schoure@apartments.com>
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: how to manage groups in different machines using LDAP
Hi Sid,
Sorry for the delay & Thanks for the information. I'll manage to create groups thru LDAP and make sure nsswitch is reading groups only from LDAP, let me know if that's not the right approach.
Thanks, Daniel
On Fri, Feb 7, 2014 at 6:08 PM, Choure, Sidd <schoure@apartments.com> wrote:
Are you creating the groups in LDAP as well? It seems that you aren’t. Just get rid of local groups and create the group in LDAP with the same GID. This way the GID will be consistent across machines.
From: Daniel Szortyka <daniel.szortyka@ibopedtm.com>
Date: Fri, 7 Feb 2014 17:47:11 -0200
To: <openldap-technical@openldap.org>
Subject: how to manage groups in different machines using LDAP
Hey guys,
I'm new in the forum and new in the LDAP world. I have my environment set up and working fine so far.
I have an LDAP server and a few other stations which authenticate in my server, OK so far.
However, I have applications running exclusively with a special group, let's say "SAS" and that's my problem.
Group SAS in MachineA is GID = 501 (/etc/groups)
Group SAS in MachineB is GID = 502 (/etc/groups)
(this was defined some time ago.. every computer has a different GID for Group SAS)
UserA was created with GID = 501 in LDAP.
The problem is that when UserA authenticates in MachineB, he doesn't have a group assigned.
I would like to know which direction I should go to make sure no matter what computer the user authenticates, he'll get the right group assigned.
Tks in advance.
-Daniel Szortyka Porto Alegre / RS / Brasil SysAdm at IBOPE
This message is exclusively destined for the people to whom it is directed, and it can bear private and/or legally exceptional information. If you are not addressee of this message, since now you are advised to not release, copy, distribute, check or, otherwise, use the information contained in this message, because it is illegal. If you received this message by mistake, we ask you to return this email, making possible, as soon as possible, the elimination of its contents of your database, registrations or controls system.
--
Regards,
Daniel Szortyka :: Infrastructure • daniel.szortyka@ibopedtm.com • 5133823316
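An added example, not part of the original thread: before removing the local groups as advised above, an audit like the following shows which hosts carry a local group that shadows or collides with the LDAP group. The host names, the `backup` group, and the contents of `LDAP_GROUPS` and `LOCAL_FILES` are constructed sample data standing in for real `/etc/group` files and an LDAP export.

```python
# Added example: audit local /etc/group entries against LDAP group data.
# All host names, group names and GIDs below are constructed sample input.

def parse_group_file(text):
    """Parse /etc/group content into {name: gid}; skip comments, blanks, NIS +/- lines."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # malformed entry: ignore rather than guess
        groups[fields[0]] = int(fields[2])
    return groups

def audit(ldap_groups, local_files):
    """Return sorted (host, issue, name, local_gid, ldap_gid) findings."""
    by_gid = {gid: name for name, gid in ldap_groups.items()}
    findings = []
    for host, text in local_files.items():
        for name, gid in parse_group_file(text).items():
            if name in ldap_groups and ldap_groups[name] != gid:
                # Local entry uses the LDAP group's name with a different GID.
                findings.append((host, "gid-mismatch", name, gid, ldap_groups[name]))
            elif name in ldap_groups:
                # Same name and GID today, but the local copy can drift later.
                findings.append((host, "redundant-local", name, gid, gid))
            if gid in by_gid and by_gid[gid] != name:
                # A different local group already occupies the LDAP group's GID.
                findings.append((host, "gid-collision", name, gid, gid))
    return sorted(findings)

LDAP_GROUPS = {"sas": 501}  # constructed: LDAP group "sas" with gidNumber 501
LOCAL_FILES = {             # constructed /etc/group excerpts per host
    "machineA": "root:x:0:\nsas:x:501:\n",
    "machineB": "root:x:0:\nbackup:x:501:\nsas:x:502:usera\n",
    "machineC": "root:x:0:\n# sas removed, served by LDAP\n",
}

if __name__ == "__main__":
    for finding in audit(LDAP_GROUPS, LOCAL_FILES):
        print(*finding)
```

A `gid-collision` matters most: on that host, files owned by numeric GID 501 belong to an unrelated local group, so LDAP members of the shared group would gain access to them. Files created under an old local GID keep that number after the group entry is removed and need to be re-owned.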