On 08/12/2011 07:40 PM, Buchan Milne wrote:
> On Wednesday, 10 August 2011 10:11:17 pradyumna dash wrote:
>> I have a query, let's take a scenario :
>> Assume we have 2 servers "Server1" and "Server2" and 2 groups
>> "ITTech", What is needed is like say when a user "bob" logging
>> in to "Server1" he will get the group "Admin", but when he logs
>> "Server2" he will get group "ITTech". Also it may vary for
>> like when "Kris" logs in to Server1 he may get a group called
>> when he logs in to "Server2" he will get some other group say
>> Can it be possible by OpenLDAP?
>
> IMHO, this is a bad idea. It will specifically be problematic if you have any
> files shared/replicated/backed up between servers (e.g. via NFS).

We are using this functionality without any problems. :)
This is a feature of nss_ldap.
personal user groups:
first project groups:
second project groups:

>> If this is achieved then we are planning
>> to have SUDO files based on the groups.
>
> It would be much more effective to have your sudo rules in LDAP, and apply a
> rule to a set of users/groups to a collection/netgroup of hosts.
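
The suggestion above (sudo rules stored in LDAP and scoped to hosts or a netgroup of hosts), sketched as an added example that is not from any participant in this thread. It uses sudo's LDAP schema (`sudoRole`) and an RFC 2307 `nisNetgroup`; the base DN `dc=example,dc=com`, the `ou=SUDOers` and `ou=netgroup` containers, the netgroup name `itservers`, the lowercase host names and the commands are all assumptions.

```ldif
# Constructed example. Group membership is identical on every host;
# only the privileges granted to each group differ per host.

# Netgroup collecting the hosts where ITTech may use sudo.
# Triple format is (host,user,domain); empty fields match anything.
dn: cn=itservers,ou=netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: itservers
nisNetgroupTriple: (server2,,)

# Members of the Admin group get full sudo, but only on server1.
dn: cn=admin-on-server1,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: admin-on-server1
sudoUser: %Admin
sudoHost: server1
sudoCommand: ALL

# Members of ITTech get a narrow command set on every host in the
# itservers netgroup ("+" marks a netgroup in sudoHost).
dn: cn=ittech-on-itservers,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: ittech-on-itservers
sudoUser: %ITTech
sudoHost: +itservers
sudoCommand: /sbin/service httpd restart
sudoCommand: /sbin/service httpd status
```

Because bob's groups and GIDs stay the same on both servers, file ownership on shared or backed-up data remains consistent, while adding a host to `itservers` extends the ITTech rule to it without touching any group.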