Hello everyone,
we are trying to use OpenLDAP to provide user management for a CMS. The CMS relies on OS groups to manage directory branch- and file-access.
We are using the following group structure:
dn: cn=ts_de_de_gg_ax, ou=Group, o=**********
gidNumber: 1400
memberUid: uid=tsmaster, ou=People, o=**********
memberUid: uid=teamsite, ou=People, o=**********
memberUid: uid=ostehov9, ou=People, o=**********
memberUid: uid=zenksid3, ou=People, o=**********
memberUid: uid=lellirdg, ou=People, o=**********
memberUid: uid=osteholdap, ou=People, o=**********
objectClass: posixGroup
objectClass: top
cn: ts_de_de_gg_ax
a user looks like this:
dn: uid=osteholdap, ou=People, o=*********
sn: osteholdap
userPassword:: *********
loginShell: /bin/bash
uidNumber: 3618
gidNumber: 504
mail: ******
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: teamsiteinfo
objectClass: inetOrgPerson
uid: osteholdap
tcgid: Z000E58C
gecos: ***********
teamsiteuserrole: tsuser
shadowLastChange: 11111
cn: *******
homeDirectory: /tmp
However, it is not possible for a user to access directories belonging to a secondary group he belongs to. What could be the issue here?
I would be very grateful for a pointer in the right direction.
Regards, Claus Kick
Kick, Claus wrote:
we are trying to use OpenLDAP to provide user management for a CMS. The CMS relies on OS groups to manage directory branch- and file-access.
We are using the following group structure:
dn: cn=ts_de_de_gg_ax, ou=Group, o=**********
gidNumber: 1400
memberUid: uid=tsmaster, ou=People, o=**********
[..]
The attribute 'memberUid' is not meant for storing DNs of entries. Rather it is supposed to contain the value of attribute 'uidNumber' of the member's entry.
uidNumber: 3618
Store this value in 'memberUid'.
Ciao, Michael.
On Saturday 26 January 2008 17:12:15 Michael Ströder wrote:
Kick, Claus wrote:
we are trying to use OpenLDAP to provide user management for a CMS. The CMS relies on OS groups to manage directory branch- and file-access.
We are using the following group structure:
dn: cn=ts_de_de_gg_ax, ou=Group, o=**********
gidNumber: 1400
memberUid: uid=tsmaster, ou=People, o=**********
[..]
The attribute 'memberUid' is not meant for storing DNs of entries. Rather it is supposed to contain the value of attribute 'uidNumber' of the member's entry.
No, not uidNumber, uid!
uidNumber: 3618
Store this value in 'memberUid'.
No, this one:
uid: osteholdap
Regards, Buchan
From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net]
Sent: Monday, 28 January 2008 09:47
To: openldap-technical@openldap.org
Cc: Michael Ströder; Kick, Claus
Subject: Re: OpenLDAP and Solaris 10 - group problem
On Saturday 26 January 2008 17:12:15 Michael Ströder wrote:
Kick, Claus wrote:
we are trying to use OpenLDAP to provide user management for a CMS. The CMS relies on OS groups to manage directory branch- and file-access.
We are using the following group structure:
dn: cn=ts_de_de_gg_ax, ou=Group, o=**********
gidNumber: 1400
memberUid: uid=tsmaster, ou=People, o=**********
[..]
The attribute 'memberUid' is not meant for storing DNs of entries. Rather it is supposed to contain the value of attribute 'uidNumber' of the member's entry.
No, not uidNumber, uid!
uidNumber: 3618
Store this value in 'memberUid'.
No, this one:
uid: osteholdap
Hello Buchan,
So you mean storing the reference between user and group like this:
dn: cn=ts_de_de_rg_cs, ou=Group, o=***************
gidNumber: 11502
memberUid: tsmaster
memberUid: osteholdap
objectClass: posixGroup
objectClass: top
cn: ts_de_de_rg_cs
Instead of:
dn: cn=ts_de_de_rg_cs, ou=Group, o=***************
gidNumber: 11502
memberUid: 3618
objectClass: posixGroup
objectClass: top
cn: ts_de_de_rg_cs
Do I understand you correctly?
Regards from Europe,
Claus
Hello everyone,
Tried out both and it was memberUid: uid.
Thanks for the help,
Claus
openldap-technical@openldap.org
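The thread's outcome (memberUid holds the member's uid, i.e. the login name, not a DN and not the uidNumber) can be checked across a whole LDIF export. The script below is an added example, not part of the original thread; the suffix o=example, the sample entries and the member "ghost" are constructed, and the function names are hypothetical.

```python
import re
# Constructed sample modelled on the thread's entries; o=example is a placeholder.
SAMPLE_LDIF = """\
dn: uid=osteholdap,ou=People,o=example
objectClass: posixAccount
uid: osteholdap
uidNumber: 3618

dn: uid=tsmaster,ou=People,o=example
objectClass: posixAccount
uid: tsmaster

dn: cn=ts_de_de_gg_ax,ou=Group,o=example
objectClass: posixGroup
cn: ts_de_de_gg_ax
gidNumber: 1400
memberUid: uid=osteholdap, ou=People, o=example
memberUid: 3618
memberUid: tsmaster
memberUid: ghost
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into {attr: [values]} dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def has_class(entry, name):
    return name in (v.lower() for v in entry.get("objectclass", []))

def audit_member_uids(entries):
    """Return (group cn, memberUid, problem) for values that are not a known login name."""
    logins = {u for e in entries if has_class(e, "posixaccount") for u in e.get("uid", [])}
    findings = []
    for group in (e for e in entries if has_class(e, "posixgroup")):
        for member in group.get("memberuid", []):
            problem = ("DN, expected login name" if "=" in member else
                       "number, expected login name" if member.isdigit() else
                       "no posixAccount has this uid" if member not in logins else None)
            if problem:
                findings.append((group["cn"][0], member, problem))
    return findings
```

Calling `audit_member_uids(parse_ldif(SAMPLE_LDIF))` reports the DN-style value, the numeric value and the unknown name, and passes `tsmaster`. The all-digits test is a heuristic that assumes login names are never purely numeric.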