[K12OSN] smbldap - adding ldap users to local groups

Craig White craig at tobyhouse.com
Thu Oct 25 18:02:17 UTC 2007


On Thu, 2007-10-25 at 13:43 -0400, Rob Owens wrote:
> Steven Santos wrote:
> > So you are looking for something like IDMAP in SAMBA to map LDAP group names
> > to local group names, without the numbers needing to match, 
> Yes, I think so...
> 
> > or more to the
> > point, the machine being able to say to the LDAP database "I am a
> > CentOS/RedHat/Whatever machine, the correct gid for the FUSE group is...?"
> > and to get the proper mapping that way.
> I wouldn't need any logic like this built in if I could simply do this:
> 1) create an LDAP group called "ldapcdrom"
> 2) add millions of LDAP users to the ldapcdrom group
> 3) on a Debian machine, make "ldapcdrom" a member of the local group "cdrom"
> 4) on a CentOS machine, make "ldapcdrom" a member of the local group "disk"
> 5) *not* have to add millions of LDAP users to each local group
> ("cdrom", "disk", etc)
> 
> That way I decide which local group matches up with which ldap group,
> but I only have to establish that relationship once on each machine.
> Unfortunately, local groups do not seem to accept other groups as
> members -- they only accept users.  That is what my testing suggests,
> anyway.
----
Perhaps you should define what a CentOS machine and a CentOS user is.

In my thinking, a user that logs onto a CentOS 4.4 or CentOS 5 system
and inserts a CD has no problem using it.

This of course assumes an /etc/fstab and udev/hal rules that haven't
been mucked with.

Am I missing something really basic here?  Granted that I tend to use
CentOS or RHEL for servers and Fedora for user workstations but I had an
LDAP user connect a USB Zip drive to her Fedora 7 system yesterday and
it was truly plug and play - no group accommodations at all.

Craig
