This is exactly what I am trying to achieve as well but with the help of aliased objects
so that I have common data (think passwords) across all applicable servers without having
to replicate it for each host. I can't however get the aliases to follow across
I'd be curious to know how he deals with scenarios of needing same groups or users on
On Aug 14, 2011, at 5:35 AM, Dmitriy Kirhlarov <dimma(a)higis.ru> wrote:
On 08/12/2011 07:40 PM, Buchan Milne wrote:
> On Wednesday, 10 August 2011 10:11:17 pradyumna dash wrote:
>> I have a query, lets take a scenario :
>> Assume we have 2 servers "Server1" and "Server2" and 2 groups
>> "ITTech", What is needed is like say when a user "bob"
>> in to "Server1" he will get the group "Admin", but when he
logs in to
>> "Server2" he will get group "ITTech". Also it may vary for
>> like when "Kris" logs in to Server1 he may get a group called
>> when he logs in to "Server2" he will get some other group say
>> Can it be possible by OpenLDAP ?
> IMHO, this is a bad idea. It will specifically be problematic if you have any
> files shared/replicated/backed up between servers (e.g. via NFS).
We are using this functionality without any problems. :)
This is feature of nss_ldap.
personals user groups:
first project groups:
second project groups:
>> If this is achieved then we are planning
>> to have SUDO files based on the grooups.
> It would be much more effective to have your sudo rules in LDAP, and apply a
> rule to a set of users/groups to a collection/netgroup of hosts.