Local group for LDAP user
Hi,
Both my CentOS 5.2 and Ubuntu 8.04 boxes authenticate via the LDAP/Kerberos of the organization (which, needless to say, contains thousands of users). So all LDAP users can log in to these two boxes. But I want to give some (predefined) additional access to a new user (xyz123). I noted that all the users having the additional access (e.g., abc123) are members of a certain group [829857(umg/dept.res.access.workstations)]. So I guessed that if I can add this group to the supplemental groups of xyz123, I would be able to achieve what I want. In short, I want to add LDAP user xyz123 to local group 829857. But when I tried to use the useradd or usermod commands I got errors:
Quote:
Where am I going wrong? Thanks in advance,
Can you not create a group called
Quote:
Thanks irishbitte! Thanks for replying to the other cross-listed post, too!
If I look at /etc/groups file, there is no local group 829857(umg/dept.res.access.workstations). But all the users who log in to a local directory on that machine are members of this group. And others who log in but to a universally defined LDAP directory are members of the access(1000) group. So I was thinking maybe there is another way without creating a local group [829857(umg/dept.res.access.workstations)]. By the way, any idea why all other users are members of the access(1000) group? Sorry if I am confusing, but I am at a loss as to what to do, or rather whether I can do anything at all, having root permission only on the local machine! Thanks in advance, [UPDATE -- Solved| I didn't have enough permission to add the user to the group specified. I had contacted LDAP admin and he did it all!]
Is there a limit to the number of groups length of GUI?
Hi,
I am also a user of the same "User Managed Group" enabled LDAP server. We have seen a situation where, when we have multiple groups (30+) of which a single user is a member, it seems that permissions are only honored for the first 16 or so groups of which that user is a member. It seems that after that, the group membership is ignored. If we create a local group with a lower number (5xx) then that group works. Is there a limit to the number of groups a person can be a member of on a specific box? Does it matter if those groups are local or via LDAP?