LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 04-13-2011, 12:50 PM   #1
Merlin53
Member
 
Registered: May 2003
Location: Dayton, Ohio
Distribution: Redhat/IRIX/Windows
Posts: 35

Rep: Reputation: 15
How do I define a global group made up of other groups in LDAP?


Hello All,

I'm trying to create a group called Domain Users, that will include several other groups that are populated with users inside of the LDAP database. In the LDAP database, for a group entry, there are memberUid entries that can be filled. When I try to use another "Group" name, it just lists that name and not the people in that group.
So if group "A" has Jim, John, Sue, and I include group "A" in the memberUid of the Domain Users group, I want that to reference the people in that group, not the group name.
Testing access right, having the group name listed in "Domain Users" group, does not grant user access under the group rights on a directory. Should be simple, but I don't know the syntax to use for this reference.

Thanks for any advice/help!!!
Merlin53
 
Old 04-14-2011, 06:04 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
Unless I'm missing something very significant here, ldap doesn't support this. Data in ldap is merely individual atomic pieces of arbitrary data. They don't really *mean* anything to ldap, so traversal of group membership hierarchies are not it's problem, but the ldap client which is interpreting the data into something meaningful. AD does this, which is probably why you're expecting, but AD is doing that extra layer of interpretation in it's role of being much more than just a directory. So whilst most things are perfectly possible, it's your client that needs to do that, if it can.
 
Old 04-14-2011, 10:20 AM   #3
Merlin53
Member
 
Registered: May 2003
Location: Dayton, Ohio
Distribution: Redhat/IRIX/Windows
Posts: 35

Original Poster
Rep: Reputation: 15
Bummer... I have looked through lots of documentation, and haven't seen anything that actually does referencing of other data, which is why I asked. Your assumption is correct, I was hoping to define "Domain Users" group as a sum of all the other defined groups, which I would use as a permission/owener on directories on client systems. This was an attempt to simplify administration, but looks like I will have to find another solution.

Thanks Chris!!!
Al
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
invalid group id redhat linux as 5 - all groups in group file are invalid groups nlong1 Red Hat 1 02-15-2009 04:43 AM
Define global variable maxmil Linux - Newbie 4 03-07-2006 11:36 AM
How can I define a global variable? kloss Linux - General 4 02-21-2006 05:30 AM
winbind: wbinfo -g only lists global groups from PDC and not local groups saradiya Linux - Networking 0 12-01-2003 03:58 AM
how to define a global variable Anniebaby Programming 1 11-09-2003 11:43 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 05:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration