[K12OSN] smbldap - adding ldap users to local groups

James P. Kinney III jkinney at localnetsolutions.com
Thu Oct 25 17:59:50 UTC 2007


At this point, consolidating the distro used on the servers may be the
best route forward.

Also be aware that it is only the local machine that uses UID/GID
numbers. If I have a jkinney account on 2 machines, one with UID 10223
and another with UID 500, I can NFS mount the /home from one and have
full rights on the other as user jkinney. The local kernel does the
mapping between name and number.

I would strongly suggest giving hard thought to choosing a
particular distro for your servers and sticking with it. It will
simplify the admin/support aspect enough to warrant the effort of changing.

On Thu, 2007-10-25 at 13:43 -0400, Rob Owens wrote:
> Steven Santos wrote:
> > So you are looking for something like IDMAP in SAMBA to map LDAP group names
> > to local group names, without the numbers needing to match, 
> Yes, I think so...
> 
> > or more to the
> > point, the machine being able to say to the LDAP database "I am a
> > CentOS/RedHat/Whatever machine, the correct gid for the FUSE group is...?"
> > and to get the proper mapping that way.
> I wouldn't need any logic like this built in if I could simply do this:
> 1) create an LDAP group called "ldapcdrom"
> 2) add millions of LDAP users to the ldapcdrom group
> 3) on a Debian machine, make "ldapcdrom" a member of the local group "cdrom"
> 4) on a CentOS machine, make "ldapcdrom" a member of the local group "disk"
> 5) *not* have to add millions of LDAP users to each local group
> ("cdrom", "disk", etc)
> 
> That way I decide which local group matches up with which ldap group,
> but I only have to establish that relationship once on each machine.
> Unfortunately, local groups do not seem to accept other groups as
> members -- they only accept users.  That is what my testing suggests,
> anyway.
> 
> -Rob
> 
-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC        
770-493-8244                    
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
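
The quoted steps 1-5 ask for a per-host link between one LDAP group and a differently named local group, and note that local groups accept only users as members. One workaround is to expand the LDAP group into users on each host. The sketch below is an added example, not code from this thread; the member names, GIDs, file contents and the HOST_MAP name are constructed for illustration.

```python
# Added example: expand an LDAP group into a host's local group file.
# All data below is constructed for illustration.

# Per-host policy, set once per machine (steps 3 and 4 of the quoted list).
HOST_MAP = {
    "debian": {"ldapcdrom": "cdrom"},
    "centos": {"ldapcdrom": "disk"},
}

def parse_group(text):
    """Parse /etc/group-format text into {name: (passwd, gid, [members])}."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"malformed group line: {line!r}")
        name, passwd, gid, members = fields
        groups[name] = (passwd, gid, [m for m in members.split(",") if m])
    return groups

def expand(local_text, ldap_groups, mapping):
    """Return new /etc/group text with LDAP group members merged in."""
    groups = parse_group(local_text)
    for ldap_name, local_name in mapping.items():
        if local_name not in groups:
            raise KeyError(f"no local group {local_name!r} on this host")
        _passwd, _gid, members = groups[local_name]
        for user in ldap_groups.get(ldap_name, []):
            if user not in members:      # idempotent: no duplicates on re-run
                members.append(user)
    return "\n".join(
        f"{n}:{p}:{g}:{','.join(m)}" for n, (p, g, m) in groups.items()
    ) + "\n"

LDAP_GROUPS = {"ldapcdrom": ["alice", "bob"]}   # constructed LDAP membership
DEBIAN_GROUP = "root:x:0:\ncdrom:x:24:alice\n"  # constructed local file
CENTOS_GROUP = "root:x:0:\ndisk:x:6:\n"         # constructed local file

if __name__ == "__main__":
    print(expand(DEBIAN_GROUP, LDAP_GROUPS, HOST_MAP["debian"]), end="")
    print(expand(CENTOS_GROUP, LDAP_GROUPS, HOST_MAP["centos"]), end="")
```

This merge only adds members: a user removed from the LDAP group keeps the local group until removed from the local file as well, so a real sync needs to track which members it added.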