On 10/08/2011 09:11, pradyumna dash wrote:
Assume we have 2 servers "Server1" and "Server2" and 2 groups "Admin" and "ITTech", What is needed is like say when a user "bob" logging in to "Server1" he will get the group "Admin", but when he logs in to "Server2" he will get group "ITTech". Also it may vary for different users like when "Kris" logs in to Server1 he may get a group called "ITTech" and when he logs in to "Server2" he will get some other group say "Security".
I tried this ages ago with a mapping for nss_ldap along these lines:
nss_map_attribute gidNumber gidNumberServer1
gidNumberServer1 being a custom attribute holding the primary GID to be used for Server1.
Unfortunately nss_ldap didn't like this, and the groups couldn't be looked up with 'getent group'.
See the discussion at http://old.nabble.com/nss_map_attribute-gidNumber-problem-td27545035.html - there was a possible solution suggested which is in a draft RFC, but the link to it no longer works.