Hi all, I need some clarification regarding how permissions of members are taken care when they login to a client machine. As I understand "gidNumber" that I give while creating group entry(like "gidNumber" "4" for "qagroup", which refers to "gid" of "adm" group on a linux machine /etc/group), so permissions of that group are assigned to members of "qagroup" i.e. ldap1 & ldap2 when they login to any client. Is that correct?
It is confusing because, members ldap1 & ldap2 belong to posixAccount objectclass which also requires gidNumber as required attribute. So does gidNumber values mentioned in member's entry get overwritten by gidNumber attribute inside their group i.e "qagroup"? What about the case where single member is added to multiple groups? what permissions does the member get when he logs on to particular machine?
ldif input: dn: uid=ldap1,ou=Users,dc=test,dc=com objectClass: posixAccount objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person homeDirectory: /home/ldap1 loginShell: /bin/bash cn: ldap1 uidNumber: 10000 gidNumber: 500 <============= sn: ldap1 mobile: 987777787 physicalDeliveryOfficeName: ravi userPassword: ldap1 uid: ldap1
dn: cn=qagroup,ou=Groups,dc=test,dc=com cn: qagroup gidNumber: 4 <=============== objectClass: posixGroup memberUid: uid=ldap1,ou=Users,dc=test,dc=com memberUid: uid=ldap2,ou=Users,dc=test,dc=com
Thanks in advance Shamika