[K12OSN] smbldap - adding ldap users to local groups

Rob Owens rowens at ptd.net
Thu Oct 25 20:44:01 UTC 2007


On Thu, Oct 25, 2007 at 11:02:17AM -0700, Craig White wrote:
> On Thu, 2007-10-25 at 13:43 -0400, Rob Owens wrote:
> > Steven Santos wrote:
> > > So you are looking for something like IDMAP in SAMBA to map LDAP group names
> > > to local group names, without the numbers needing to match, 
> > Yes, I think so...
> > 
> > > or more to the
> > > point, the machine being able to say to the LDAP database "I am a
> > > CentOS/RedHat/Whatever machine, the correct gid for the FUSE group is...?"
> > > and to get the proper mapping that way.
> > I wouldn't need any logic like this built in if I could simply do this:
> > 1) create an LDAP group called "ldapcdrom"
> > 2) add millions of LDAP users to the ldapcdrom group
> > 3) on a Debian machine, make "ldapcdrom" a member of the local group "cdrom"
> > 4) on a CentOS machine, make "ldapcdrom" a member of the local group "disk"
> > 5) *not* have to add millions of LDAP users to each local group
> > ("cdrom", "disk", etc)
> > 
> > That way I decide which local group matches up with which ldap group,
> > but I only have to establish that relationship once on each machine.
> > Unfortunately, local groups do not seem to accept other groups as
> > members -- they only accept users.  That is what my testing suggests,
> > anyway.
> ----
> perhaps you should define what a CentOS machine and a CentOS user is.
> 
> In my thinking, a user that logs onto a CentOS 4.4 or CentOS 5 system
> and inserts a CD has no problem using it.
> 
Hmm.  I also have a CentOS 4.4 and CentOS 5 server and I couldn't access the CD as a regular user w/o assigning myself to the "disk" group.  Ubuntu and Debian definitely do it this way.  Additionally, those distros use group membership to provide access to the sound card, video devices, scanners, and stuff like that.

-Rob
