License

Copyright (C) 2008-2017 Oliver Bohlen.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

A copy of the license is included in the section entitled "GNU Free Documentation License".

Introduction

This documentation comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

Howto: OpenLDAP Groups in Groups for Gentoo Linux

Here is an example of how I put POSIX groups into other groups (nested groups) with OpenLDAP.

If you want to use this solution you need the following howto(s) finished:

Changes in /etc/openldap/groupsingroups.ldif

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--


Changed on 19.02.10
Issued by olli
Beginning line 1

This is an example LDIF file for groups in groups. First, a "normal" group users with id 100 and three users is inserted.
Then the users group is put into the audio group. The output of "getent group audio" will tell you that user1, user2 and user3 are in the audio group.
And voilà, you have a nested group, or a group in a group.
So change the file according to your needs and insert it with

ldapadd -x -D cn=Manager,dc=example,dc=com -W -f /etc/openldap/groupsingroups.ldif

dn: cn=users,ou=Group,dc=example,dc=com
objectClass: gaboshGroup
objectClass: posixGroup
objectClass: top
uniqueMember: cn=user1,ou=Users,ou=People,dc=example,dc=com
uniqueMember: cn=user2,ou=Users,ou=People,dc=example,dc=com
uniqueMember: cn=user3,ou=Users,ou=People,dc=example,dc=com
gidNumber: 100
cn: users

dn: cn=audio,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
objectClass: gaboshGroup
cn: audio
gidNumber: 18
uniqueMember: cn=users,ou=Group,dc=example,dc=com
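
The Python example below is added here and is not part of the original howto: it parses an LDIF like the one above and expands nested uniqueMember references into the effective user list, which is worth checking before nesting a group into a privileged one. The wheel group and admin1 user are constructed for illustration (they form a membership loop with audio), and the parser assumes simple, unfolded "attr: value" lines.

```python
# Constructed sample mirroring the LDIF above, plus a hypothetical 'wheel'
# group and 'admin1' user (not in the howto) that loop back into 'audio'.
SAMPLE_LDIF = """\
dn: cn=users,ou=Group,dc=example,dc=com
objectClass: posixGroup
uniqueMember: cn=user1,ou=Users,ou=People,dc=example,dc=com
uniqueMember: cn=user2,ou=Users,ou=People,dc=example,dc=com
uniqueMember: cn=user3,ou=Users,ou=People,dc=example,dc=com

dn: cn=audio,ou=Group,dc=example,dc=com
objectClass: posixGroup
uniqueMember: cn=users,ou=Group,dc=example,dc=com
uniqueMember: cn=wheel,ou=Group,dc=example,dc=com

dn: cn=wheel,ou=Group,dc=example,dc=com
objectClass: posixGroup
uniqueMember: cn=audio,ou=Group,dc=example,dc=com
uniqueMember: cn=admin1,ou=Users,ou=People,dc=example,dc=com
"""

def parse_groups(ldif):
    """Map each entry DN (lower-cased) to its list of uniqueMember DNs."""
    groups = {}
    for block in ldif.strip().split("\n\n"):
        attrs = [line.split(": ", 1) for line in block.splitlines() if ": " in line]
        dn = next(v for k, v in attrs if k == "dn").lower()
        groups[dn] = [v.lower() for k, v in attrs if k == "uniqueMember"]
    return groups

def effective_users(group_dn, groups, seen=None):
    """Expand nested groups depth-first; 'seen' stops membership loops."""
    seen = set() if seen is None else seen
    group_dn = group_dn.lower()
    if group_dn in seen:
        return set()
    seen.add(group_dn)
    users = set()
    for member in groups.get(group_dn, []):
        if member in groups:              # member is itself a group: recurse
            users |= effective_users(member, groups, seen)
        else:                             # leaf DN: treat it as a user entry
            users.add(member.split(",", 1)[0].split("=", 1)[1])
    return users

if __name__ == "__main__":
    g = parse_groups(SAMPLE_LDIF)
    print(sorted(effective_users("cn=audio,ou=Group,dc=example,dc=com", g)))
```

Because wheel is nested into audio, admin1 ends up in audio without ever being listed there, which is the kind of transitive grant a flat look at the audio entry would miss.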

Changes in /etc/openldap/schema/gabosh.schema

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--


Changed on 19.02.10
Issued by olli
Beginning line 1

This is the schema for using nested groups (groups in groups).

objectclass ( 1.3.6.1.4.1.35312.1 NAME 'gaboshGroup'
        DESC 'adds uniqueMember attribut for groups'
        SUP top AUXILIARY
        MAY ( uniqueMember )
        )

Please send feedback to: doc<at>gabosh.net
