LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 11-26-2009, 06:20 AM   #1
IsakovAN
LQ Newbie
 
Registered: Nov 2009
Posts: 2

Rep: Reputation: 0
Group membership and restrictions


Hello all!

I have ldap server with users and groups. The next step I plan is expand Linux on desktops. I have install testing system and connect it with ldap.
All works fine, I can logon using nfs shares as home...
But my "domain" users aren`t member of standard Linux groups such as plugdev, pulse-access e.t.c.
Of course I can move that groups to ldap and add EACH user to EACH group and do that for all new users but is it right solution?

Is it possible to add domain groups to local groups? Can one group be a member of another group?
Or may be I can tune system to use domain groups to restrict access to system services?

Best regards, Isakov Alexandr

P.S. Sorry of my bad English
 
Old 12-21-2009, 02:21 AM   #2
xeleema
Member
 
Registered: Aug 2005
Location: D.i.t.h.o, Texas
Distribution: Slackware 13.x, rhel3/5, Solaris 8-10(sparc), HP-UX 11.x (pa-risc)
Posts: 987
Blog Entries: 4

Rep: Reputation: 249Reputation: 249Reputation: 249
Greetingz!

Can you provide a bit more detail about your setup? For Example: are you using something like OpenLDAP or Sun's Java Enterprise Services (or whatever they're calling their Directory suite these days)?

What about the Linux desktops you (plan to) roll out? What distribution?

Also, if you're trying to add groups to an LDAP user, you're going to need to let us know what tool(s) you're using to browse and edit your LDAP schema/database.

Thanks!
 
Old 12-21-2009, 02:37 AM   #3
IsakovAN
LQ Newbie
 
Registered: Nov 2009
Posts: 2

Original Poster
Rep: Reputation: 0
All servers and workstations on Gentoo Linux(unstable).
OpenLDAP-2.4.19

This is groups I have:
administration:x:10000:*
accountants:x:10001:*
sales:x:10002:*
isales:x:10003:*
transport:x:10004:*

This is groups I need to add users:
lp:x:7:lp
audio:x:18:pulse
cdrom:x:19:haldaemon
video:x:27:
cdrw:x:80:haldaemon
users:x:100:games
plugdev:x:1004:haldaemon
realtime:x:1005:
pulse-access:x:1006:
crontab:x:1012:
scanner:x:1014:
vboxusers:x:1015:
games:x:35:

I use phpLDAPadmin, Luma or console openldap utils directly.
 
  


Reply

Tags
ldap


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Maximum setting for ID group membership polar_bear Linux - Server 5 01-26-2008 12:04 PM
Group Membership Limitations Kdr Kane Linux - Enterprise 1 08-23-2006 03:05 PM
Force group membership reload? humbletech99 Linux - General 2 06-03-2006 05:02 AM
Group membership? KlaymenDK Mandriva 4 06-25-2004 05:10 AM
Group Membership Question rlkiddjr Linux - General 3 06-18-2002 11:26 PM


All times are GMT -5. The time now is 04:39 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration