On Tue, 2010-05-04 at 20:13 -0400, Rick Dicaire wrote:
On Tue, May 4, 2010 at 7:31 PM, John A. Sullivan III
<jsullivan(a)opensourcedevel.com> wrote:
> Sure - go to the advanced properties of the group. Look at the
> objectclass attribute. If it does not contain posixgroup (I believe
> that's the correct value - I'm not looking at my 389 right now), click
> in the list of values and then click add value. Choose posixgroup from
> the list.
>
> Then click on add attribute and choose memberuid from the list. There
> will be a blank field for memberuid. Enter the first uid. To enter
> additional uids, click add value and enter the new uid - John
John, thanks, this is great... I decided to try something based on
this. Since both users I'd added have the same gid, I noticed a
gidnumber field was added when I added posixgroup to Object class. I
set this field's value to that of the users' gid. I removed the
previously added memberuid attribute that had the uid values of the
two users:
ardy@daw1~$ getent group guitar
guitar:*:1200:graz,mraz
ardy@daw1~$ id graz
uid=1200(graz) gid=1200(guitar) groups=1200(guitar)
ardy@daw1~$ id mraz
uid=1201(mraz) gid=1200(guitar) groups=1200(guitar)
Seems to me, at this juncture, it's unnecessary to add the memberuid
attribute and fill it with uid values?
Some more experimenting: added another group, added posixgroup to
Object class, set the gidnumber for the group, added the same two
users to it:
ardy@daw1~$ getent group amplifier
amplifier:*:1201:graz,mraz
ardy@daw1~$ id graz
uid=1200(graz) gid=1200(guitar) groups=1200(guitar),1201(amplifier)
ardy@daw1~$ id mraz
uid=1201(mraz) gid=1200(guitar) groups=1200(guitar),1201(amplifier)
Now, while getent shows all groups for a user, is there a way to see
all the groups a specific user is in with 389-console? I'm not seeing
any secondary groups in advanced properties for the user.
Thanks again John, this really helped!

I'm pulling this out of memory so you may want to verify it. We do have
a memberof attribute for our users. I believe it is populated via a
memberof plugin. There is documentation on it. We implemented it when
it was first released and it was a little temperamental. I don't recall
all the issues off-hand but I think it required the users to have an
objectclass which was not added by default - perhaps inetuser. In any
event, there is good documentation and a very extensive email thread in
the archives. Glad to be of assistance - John