I am a complete rookie when it comes to LDAP, so my apologies if what I am about to ask is something obvious. I have an LDIF file that contains entries like the following:

# someuser, individuals, mydomain.com
dn: uid=someuser,ou=individuals,dc=mydomain,dc=com
uid: someuser
cn: someuser
objectClass: account
objectClass: posixAccount
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/someuser

When used in conjunction with NSS in a Linux box, this allows me to centralize a number of Linux attributes for users - a specific one here called 'someuser'. The next thing I would like to do is to store information in the LDAP server about other groups that someuser belongs to. For example, besides 'users' (GID 100) someuser might belong to 'power' (GID 84), 'mysql' (GID 27) and 'cdrom' (GID 19). Can anybody please point me in the right direction how to pull this off?
On 5/10/19 5:43 PM, JC wrote:
# someuser, individuals, mydomain.com
dn: uid=someuser,ou=individuals,dc=mydomain,dc=com
uid: someuser
cn: someuser
objectClass: account
objectClass: posixAccount
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/someuser
When used in conjunction with NSS in a Linux box, this allows me to centralize a number of Linux attributes for users - a specific one here called 'someuser'. The next thing I would like to do is to store information in the LDAP server about other groups that someuser belongs to.
You need posixGroup which is available in two flavors.
Before you dive into this yourself one question: Do you want to design all this yourself to learn stuff in depth or do you want to get something going real soon?
If the latter there are some ready-to-use solutions out there based on OpenLDAP. Being the author of https://ae-dir.com I'm biased of course.
Ciao, Michael.
openldap-technical@openldap.org
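
The posixGroup entries the reply points to could look like the following. This is an added example, not part of the original thread. It assumes the "two flavors" are the RFC 2307 schema (members listed by login name in memberUid) and the RFC 2307bis draft (members listed by DN in member), and the container name ou=groups is hypothetical.

```ldif
# Constructed example entries; ou=groups is an assumed container name.
dn: ou=groups,dc=mydomain,dc=com
objectClass: organizationalUnit
ou: groups

# Flavor 1: RFC 2307 (nis.schema). posixGroup is a structural class and
# supplementary members are listed by login name in memberUid.
# The primary group (GID 100) already comes from gidNumber on the user
# entry, so someuser needs no memberUid value for it.
dn: cn=power,ou=groups,dc=mydomain,dc=com
objectClass: posixGroup
cn: power
gidNumber: 84
memberUid: someuser

dn: cn=mysql,ou=groups,dc=mydomain,dc=com
objectClass: posixGroup
cn: mysql
gidNumber: 27
memberUid: someuser

dn: cn=cdrom,ou=groups,dc=mydomain,dc=com
objectClass: posixGroup
cn: cdrom
gidNumber: 19
memberUid: someuser

# Flavor 2: RFC 2307bis. posixGroup is an auxiliary class, here paired
# with the structural class groupOfNames, and members are full DNs.
# This is an alternative form of the cn=power entry above: a server loads
# one of the two schema flavors, so use one form, not both.
dn: cn=power,ou=groups,dc=mydomain,dc=com
objectClass: groupOfNames
objectClass: posixGroup
cn: power
gidNumber: 84
member: uid=someuser,ou=individuals,dc=mydomain,dc=com
```

Once the NSS client is configured to resolve groups from LDAP, `getent group power` and `id someuser` on the Linux box should show the memberships. Because these entries grant local group privileges, write access to them in the directory should be limited to administrators.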