[K12OSN] smbldap - adding ldap users to local groups
Rob Owens
rowens at ptd.net
Sat Oct 20 12:05:46 UTC 2007
On Fri, Oct 19, 2007 at 07:55:53PM -0400, Rob Owens wrote:
> How can I add LDAP users to local system groups? I am trying to move to LDAP, but I'm a bit confused now... I tried to add a new LDAP user to the "fuse" group (which is a non-LDAP group) and I got the message: /usr/sbin/smbldap-usermod: group "fuse" doesn't exist
>
> Am I supposed to make an LDAP group for every one of my local system groups? This seems dangerous, because there's no guarantee that the "fuse" group on one of my systems is treated the same as the "fuse" group on another system.
>
Here's an example of what I'm concerned about.
I compared /etc/group on a Debian Etch machine and an Ubuntu Feisty machine. Here are some system group numbers that are different between the two machines.
gid   Etch group      Feisty group
101   crontab         dhcp
102   Debian-exim     syslog
103   ssh             klog
104   messagebus      ssl-cert
105   avahi           crontab
106   netdev          ssh
107   lpadmin         messagebus
108   haldaemon       avahi
109   powerdev        lpadmin
110   scanner         haldaemon
111   gdm             scanner
112   backuppc        slocate
113   ntp             gdm
114   openldap        admin
116   mythtv          avahi-autoipd
117   bind            netdev
118   winbindd_priv   nvram
For gids from 0 to 100, the Etch and Feisty group names are identical. My CentOS 5 system, however, has differences in the 0-100 range. Additionally, the CentOS system has the all-important "fuse" group at gid 101, whereas the Etch and Feisty systems have "fuse" at gid 115.
So if I want to have multiple distros on the same network, how do I properly tie them together with LDAP?
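
The comparison described in the message above can be automated before any local group is mirrored into LDAP. The following is an added example, not part of the original post: it parses /etc/group content from several hosts and reports group names whose gid differs between hosts and gids that resolve to different names. The host labels and the three excerpts are constructed from the gids quoted in the message.

```python
from collections import defaultdict

def parse_group(text):
    """Parse group(5) content into {name: gid}, skipping blank lines,
    comments, NIS '+'/'-' compat entries and malformed records."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue
        groups[fields[0]] = int(fields[2])
    return groups

def find_conflicts(hosts):
    """hosts is {host: {name: gid}}. Returns (name_conflicts, gid_conflicts):
    names mapped to more than one gid, and gids mapped to more than one name."""
    by_name = defaultdict(dict)  # name -> {host: gid}
    by_gid = defaultdict(dict)   # gid  -> {host: name}
    for host, groups in hosts.items():
        for name, gid in groups.items():
            by_name[name][host] = gid
            by_gid[gid][host] = name
    name_conflicts = {n: m for n, m in by_name.items() if len(set(m.values())) > 1}
    gid_conflicts = {g: m for g, m in by_gid.items() if len(set(m.values())) > 1}
    return name_conflicts, gid_conflicts

# Constructed excerpts; on real hosts, read each machine's /etc/group instead.
ETCH = "root:x:0:\ncrontab:x:101:\nssh:x:103:\nfuse:x:115:\n"
FEISTY = "root:x:0:\ndhcp:x:101:\ncrontab:x:105:\nssh:x:106:\nfuse:x:115:\n"
CENTOS = "root:x:0:\nfuse:x:101:\n"

HOSTS = {"etch": parse_group(ETCH), "feisty": parse_group(FEISTY),
         "centos": parse_group(CENTOS)}

if __name__ == "__main__":
    names, gids = find_conflicts(HOSTS)
    for name, per_host in sorted(names.items()):
        print(f"group {name!r} has different gids: {per_host}")
    for gid, per_host in sorted(gids.items()):
        print(f"gid {gid} means different groups: {per_host}")
```

Any gid in the second report is one where numeric ownership on shared storage, or a posixGroup published with that gidNumber, would grant a different group's access on each host.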