On 01/08/2012 16:21, Qian Zhang wrote:
Hi,
In my OpenLDAP server, it is possible to set a user as a member of a group, but it has another group as its primary group (I am using "LDAP Admin" as LDAP client tool). For example, in group1, I can see user1 as its "memberUid" attribute, but the "gidNumber" attribute of user1 is group2.
I'd like to know if this is a reasonable configuration, and in this case, should I consider user1 as the member of group2 too? For example, if I configure a machine to only allow group2 to log in, can user1 log into that machine?
BTW, I do not know how to configure PAM to only allow a group or some groups to log in to the machine. If anyone can tell me the steps, it will be really appreciated!
Actually, those kinds of questions are not specific to OpenLDAP, nor to any other LDAP implementation. You'll probably have better answers on a dedicated mailing list, such as the nss_ldap user list for instance.
Also, you can get the answer to your questions quite easily by directly editing the good old /etc/{passwd,group} plain text files, and using the getent/id commands.
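
An added example, not part of the original thread: the experiment the reply suggests, modelled in Python over constructed /etc/passwd and /etc/group style data. It resolves a user's group set the way `id` reports it (primary group from the passwd GID field, plus every group that lists the user as a member); the account names, IDs and the `login_allowed` helper are assumptions made for illustration.

```python
# Constructed sample data in /etc/passwd and /etc/group format, mirroring the
# thread: user1 has group2 as primary group (gidNumber) and is listed as a
# member (memberUid) of group1. user2 is an extra constructed account.
PASSWD = """\
user1:x:1001:2002:User One:/home/user1:/bin/bash
user2:x:1002:2001:User Two:/home/user2:/bin/bash
"""
GROUP = """\
group1:x:2001:user1
group2:x:2002:
group3:x:2003:user2
"""

def parse_passwd(text):
    """Map user name -> primary GID (4th field of a passwd entry)."""
    users = {}
    for line in text.splitlines():
        if line.strip():
            fields = line.split(":")
            users[fields[0]] = int(fields[3])
    return users

def parse_group(text):
    """Map GID -> (group name, set of explicitly listed members)."""
    groups = {}
    for line in text.splitlines():
        if line.strip():
            name, _pw, gid, members = line.split(":")
            groups[int(gid)] = (name, {m for m in members.split(",") if m})
    return groups

def effective_groups(user, users, groups):
    """Primary group first, then supplementary groups (sorted here)."""
    primary_gid = users[user]
    primary = groups[primary_gid][0] if primary_gid in groups else str(primary_gid)
    supplementary = sorted(
        name for gid, (name, members) in groups.items()
        if user in members and gid != primary_gid
    )
    return [primary] + supplementary

def login_allowed(user, allowed_group, users, groups):
    """Hypothetical check that consults the full group set, as `id` does."""
    return allowed_group in effective_groups(user, users, groups)

if __name__ == "__main__":
    users, groups = parse_passwd(PASSWD), parse_group(GROUP)
    for u in users:
        print(u, effective_groups(u, users, groups))
```

A check that reads only the member list of a group entry would miss user1 in group2, because the group2 entry has no explicit members; whether a given access-control module looks at the primary GID as well should be confirmed on the target system with `id user1`.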