[K12OSN] smbldap - adding ldap users to local groups

Craig White craig at tobyhouse.com
Fri Oct 26 18:00:47 UTC 2007


On Thu, 2007-10-25 at 19:57 -0400, Rob Owens wrote:
> On Thu, Oct 25, 2007 at 02:31:59PM -0700, Craig White wrote:
> > On Thu, 2007-10-25 at 16:44 -0400, Rob Owens wrote:
> > > On Thu, Oct 25, 2007 at 11:02:17AM -0700, Craig White wrote:
> > > > On Thu, 2007-10-25 at 13:43 -0400, Rob Owens wrote:
> > > > > Steven Santos wrote:
> > > > > > So you are looking for something like IDMAP in SAMBA to map LDAP group names
> > > > > > to local group names, without the numbers needing to match, 
> > > > > Yes, I think so...
> > > > > 
> > > > > > or more to the
> > > > > > point, the machine being able to say to the LDAP database "I am a
> > > > > > CentOS/RedHat/Whatever machine, the correct gid for the FUSE group is...?"
> > > > > > and to get the proper mapping that way.
> > > > > I wouldn't need any logic like this built in if I could simply do this:
> > > > > 1) create an LDAP group called "ldapcdrom"
> > > > > 2) add millions of LDAP users to the ldapcdrom group
> > > > > 3) on a Debian machine, make "ldapcdrom" a member of the local group "cdrom"
> > > > > 4) on a CentOS machine, make "ldapcdrom" a member of the local group "disk"
> > > > > 5) *not* have to add millions of LDAP users to each local group
> > > > > ("cdrom", "disk", etc)
> > > > > 
> > > > > That way I decide which local group matches up with which ldap group,
> > > > > but I only have to establish that relationship once on each machine.
> > > > > Unfortunately, local groups do not seem to accept other groups as
> > > > > members -- they only accept users.  That is what my testing suggests,
> > > > > anyway.
> > > > ----
> > > > perhaps you should define what a CentOS machine and a CentOS user is.
> > > > 
> > > > In my thinking, a user that logs onto a CentOS 4.4 or CentOS 5 system
> > > > and inserts a CD has no problem using it.
> > > > 
> > > Hmm.  I also have a CentOS 4.4 and CentOS 5 server and I couldn't access the cd as a regular user w/o assigning myself to the "disk" group.  Ubuntu and Debian definitely do it this way.  Additionally, those distros use group membership to provide access to the sound card, video devices, scanners, and stuff like that.
> > > 
> > ----
> > I'm not going to say I don't believe you but I am going to say that it
> > doesn't match my experiences...
> > 
> > Recognize though that if you log into GUI or somehow mount a CD as root
> > and then log in as a user, that the user is not gonna have access to it.
> > But the standard distribution, upon startup, user logs in, inserts CD,
> > CD mounts for user (special circumstances with music CDs and DVDs) and
> > the user can open it (generally automatically mounts in /media), user
> > can use it, and even eject it.
> > 
> Ubuntu (maybe CentOS, I'm not sure) automatically assigns users to the cdrom group (and certain other groups) if you create the users as a "Desktop User" or something like that.  If you want to check your system and see if it's this way, do ls -al /dev/cdrom and see if it's readable by all.  Mine isn't.
----
RHELv5 (ES - Server install)

# ls -l /dev/cdrom
lrwxrwxrwx 1 root root 3 May 19 11:19 /dev/cdrom -> hda

Fedora Core 6

# ls -l /dev/cdrom
lrwxrwxrwx 1 root root 3 Oct 16 08:56 /dev/cdrom -> hdc

These are 'out of the box' configurations

Craig
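A note on the check itself, with a script added here that is not part of the thread: `ls -l /dev/cdrom` prints the mode of the symlink, which is always lrwxrwxrwx, so the two listings above say nothing about who can open the drive. What matters is the mode and group of the target node (hda or hdc here) and which groups the user actually holds. The script below resolves the link and reports what a named user can do with the node, using the kernel's owner/group/other precedence. It assumes a Linux userland with readlink(1), id(1) and ls(1); it models only the classic permission bits and ignores root's override, POSIX ACLs and udev-style ACLs granted to the console user.

```sh
#!/bin/sh
# dev_access.sh - added example (not from the thread): report what a given
# user can do with a device node, following /dev/cdrom-style symlinks first.
# Assumes a Linux userland with readlink(1), id(1) and ls(1). Checks the
# classic mode bits only: root's DAC override and ACLs are not modelled.

# resolve_dev PATH: follow a symlink chain (at most 20 hops) and print the
# final path. The mode shown by `ls -l` on a symlink is always lrwxrwxrwx,
# so the permission check has to be done on the target node.
resolve_dev() {
    p=$1
    hops=0
    while [ -L "$p" ] && [ "$hops" -lt 20 ]; do
        target=$(readlink "$p")
        case $target in
            /*) p=$target ;;
            *)  p=$(dirname "$p")/$target ;;
        esac
        hops=$((hops + 1))
    done
    printf '%s\n' "$p"
}

# in_group USER GROUP: succeed if USER's primary or supplementary groups
# (as reported by id -Gn) include GROUP. Unknown users match nothing.
in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# dev_access USER PATH: print "rw", "r", "w" or "none" and return 0 when
# USER has at least read or write access to the resolved node. Like the
# kernel, it uses only the owner bits when USER owns the node, only the
# group bits when USER is in the node's group, and the other bits otherwise.
dev_access() {
    user=$1
    node=$(resolve_dev "$2")
    if [ ! -e "$node" ]; then
        echo none
        return 1
    fi
    # ls -ld fields: mode, link count, owner, group, ...
    set -- $(ls -ld "$node")
    mode=$1
    owner=$3
    group=$4
    if [ "$user" = "$owner" ]; then
        bits=$(printf '%s' "$mode" | cut -c2-4)
    elif in_group "$user" "$group"; then
        bits=$(printf '%s' "$mode" | cut -c5-7)
    else
        bits=$(printf '%s' "$mode" | cut -c8-10)
    fi
    access=""
    case $bits in r??) access=r ;; esac
    case $bits in ?w?) access="${access}w" ;; esac
    if [ -n "$access" ]; then
        echo "$access"
        return 0
    fi
    echo none
    return 1
}

# Usage: ./dev_access.sh USER [DEVICE]   (DEVICE defaults to /dev/cdrom)
if [ -n "${1:-}" ]; then
    dev_access "$1" "${2:-/dev/cdrom}"
fi
```

Run it as `./dev_access.sh alice /dev/cdrom` on each distribution to see whether alice's access comes from the node's group (disk on the CentOS box, cdrom on Debian) or from the other bits; if it prints "none" for a user who can still use the drive on the console, the access is coming from an ACL or from a desktop mounter running as root, not from group membership.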