9:17 a.m.
Hello everyone,
we are trying to use OpenLDAP to provide user management for a CMS. The
CMS relies on OS groups to manage directory branch- and file-access.
We are using the following group structure:
dn: cn=ts_de_de_gg_ax, ou=Group, o=**********
gidNumber: 1400
memberUid: uid=tsmaster, ou=People, o=**********
memberUid: uid=teamsite, ou=People, o=**********
memberUid: uid=ostehov9, ou=People, o=**********
memberUid: uid=zenksid3, ou=People, o=**********
memberUid: uid=lellirdg, ou=People, o=**********
memberUid: uid=osteholdap, ou=People, o=**********
objectClass: posixGroup
objectClass: top
cn: ts_de_de_gg_ax
a user looks like this:
dn: uid=osteholdap, ou=People, o=*********
sn: osteholdap
userPassword:: *********
loginShell: /bin/bash
uidNumber: 3618
gidNumber: 504
mail: ******
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: teamsiteinfo
objectClass: inetOrgPerson
uid: osteholdap
tcgid: Z000E58C
gecos: ***********
teamsiteuserrole: tsuser
shadowLastChange: 11111
cn: *******
homeDirectory: /tmp
However, it is not possible for a user to access directories belonging
to a secondary group he belongs to. What could be the issue here?
I would be very grateful for a pointer into the right direction.
Regards,
Claus Kick
7:12 a.m.
Kick, Claus wrote:
we are trying to use OpenLDAP to provide user management for a CMS. The
CMS relies on OS groups to manage directory branch- and file-access.
We are using the following group structure:
dn: cn=ts_de_de_gg_ax, ou=Group, o=**********
gidNumber: 1400
memberUid: uid=tsmaster, ou=People, o=**********
[..]
The attribute 'memberUid' is not meant for storing DNs of entries.
Rather it is supposed to contain the value of attribute 'uidNumber' of
the member's entry.
uidNumber: 3618
Store this value in 'memberUid'.
Ciao, Michael.
12:47 a.m.
On Saturday 26 January 2008 17:12:15 Michael Ströder wrote:
Kick, Claus wrote:
> we are trying to use OpenLDAP to provide user management for a CMS. The
> CMS relies on OS groups to manage directory branch- and file-access.
>
> We are using the following group structure:
>
> dn: cn=ts_de_de_gg_ax, ou=Group, o=**********
> gidNumber: 1400
> memberUid: uid=tsmaster, ou=People, o=**********
>
> [..]
The attribute 'memberUid' is not meant for storing DNs of entries.
Rather it is supposed to contain the value of attribute 'uidNumber' of
the member's entry.
No, not uidNumber, uid!
> uidNumber: 3618
Store this value in 'memberUid'.
No, this one:
> uid: osteholdap
Regards,
Buchan
4:29 a.m.
New subject: AW: OpenLDAP and Solaris 10 - group problem
Von: Buchan Milne [mailto:bgmilne@staff.telkomsa.net]
Gesendet: Montag, 28. Januar 2008 09:47
An: openldap-technical(a)openldap.org
Cc: Michael Ströder; Kick, Claus
Betreff: Re: OpenLDAP and Solaris 10 - group problem
On Saturday 26 January 2008 17:12:15 Michael Ströder wrote:
Kick, Claus wrote:
> we are trying to use OpenLDAP to provide user management for a CMS. The
> CMS relies on OS groups to manage directory branch- and file-access.
>
> We are using the following group structure:
>
> dn: cn=ts_de_de_gg_ax, ou=Group, o=**********
> gidNumber: 1400
> memberUid: uid=tsmaster, ou=People, o=**********
>
> [..]
The attribute 'memberUid' is not meant for storing DNs of entries.
Rather it is supposed to contain the value of attribute 'uidNumber' of
the member's entry.
No, not uidNumber, uid!
> uidNumber: 3618
Store this value in 'memberUid'.
No, this one:
> uid: osteholdap
Hello Buchan,
So you mean storing the reference between user and group like this:
dn: cn=ts_de_de_rg_cs, ou=Group, o=***************
gidNumber: 11502
memberUid: tsmaster
memberUid: osteholdap
objectClass: posixGroup
objectClass: top
cn: ts_de_de_rg_cs
Instead of:
dn: cn=ts_de_de_rg_cs, ou=Group, o=***************
gidNumber: 11502
memberUid: 3618
objectClass: posixGroup
objectClass: top
cn: ts_de_de_rg_cs.
Do I understand you correctly?
Regards from Europe,
Claus
3:07 a.m.
New subject: AW: OpenLDAP and Solaris 10 - group problem
Hello everyone,
Tried out both and it was
memberUid: uid.
Thanks for the help,
Claus
5531
days inactive
5535
days old
openldap-technical@openldap.org
4 comments
3 participants
participants (3)
-
Buchan Milne -
Kick, Claus -
Michael Ströder