Following on from my previous topic:
http://forum.java.sun.com/thread.jspa?threadID=5173933&tstart=20
I have several LDAP users and netgroups, all working well now....
I have posix groups configured, and they all work well too....
E.g. LDAP uid of dmacpherson is a member of the LDAP posixgroup suppadmin....
There is an LDAP suppadmin-ng netgroup which allows access to certain hosts through the +@suppadmin-ng entry on the passwd and shadow files.
I have local root users, and suppapp (application) users and groups on the machines which run the LDAP client.
I also have some local users - suppapp is a member of the applications group.
The local uid for suppapp is 1001
The local gid for applications is 1000
As the suppapp user runs the application, all the directory structure under which the app files sit is owned by suppapp/applications
We want the user dmacpherson, who is a member of the suppadmin LDAP posix group, to also be a member of the applications group, and therefore have the group privileges required to allow access to the files / dirs.
As posixaccounts in LDAP cannot have multiple specified gids, I also created the group applications in LDAP with the gid of 1000, and added dmacpherson as a memberuid.
Now, when using the "groups" command in my clients, I get multiple group memberships - suppapp and applications - but when I try to write a file to a directory with appropriate permissions for the local group applications (again, with the same gid as the LDAP one), I get "permission denied".
Can anyone shed some light on how I should be configuring my LDAP accounts to have multiple group memberships, including local groups on my systems?
Thanks.
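One way to check how the two group sources described in the post line up for a user, as an added example that is not part of the original post. The group file text and LDAP entries are constructed to mirror the post, the suppadmin gid of 2000 is a placeholder, and the function names are hypothetical.

```python
# Added example. All sample data is constructed to mirror the post.
LOCAL_GROUP = """\
root:x:0:
applications:x:1000:suppapp
"""

# posixGroup entries as (cn, gidNumber, memberUid values); gid 2000 is a placeholder.
LDAP_GROUPS = [
    ("suppadmin", 2000, ["dmacpherson"]),
    ("applications", 1000, ["dmacpherson"]),
]

def parse_group_file(text):
    """Parse /etc/group-format text into {name: (gid, [members])}."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "+", "-")):
            continue  # skip comments and compat-mode +/- entries
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups

def audit_user(user, local_text, ldap_groups):
    """List every gid that names the user, per source, and flag gids that
    exist in both sources but list the user in only one of them."""
    by_gid = {}
    for name, (gid, members) in parse_group_file(local_text).items():
        by_gid.setdefault(gid, {})["files"] = members
    for _name, gid, members in ldap_groups:
        by_gid.setdefault(gid, {})["ldap"] = members
    report = []
    for gid, sources in sorted(by_gid.items()):
        listed = {src: user in members for src, members in sources.items()}
        if not any(listed.values()):
            continue
        report.append({
            "gid": gid,
            "defined_in": sorted(sources),
            "member_in": sorted(s for s, ok in listed.items() if ok),
            "split": len(sources) == 2 and len(set(listed.values())) == 2,
        })
    return report

if __name__ == "__main__":
    for row in audit_user("dmacpherson", LOCAL_GROUP, LDAP_GROUPS):
        print(row)
```

A row with "split" set marks a gid whose member list differs between the local file and LDAP, which is the situation the post sets up for gid 1000.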