[389-users] Users with the same ID

Jonathan Vaughn jonathan at creatuity.com
Wed May 7 19:41:46 UTC 2014


If this is only a local account vs LDAP account problem, the solution is to
make sure LDAP accounts are never in the same range as local accounts. We
have all of our LDAP accounts and groups UID/GID over 1000000.

If they are both local accounts that you are porting into LDAP... this gets
more difficult. Best but not easiest is probably to force all accounts that
will be in LDAP to have new, higher UIDs that won't collide with local,
then on each machine chown / chgrp everything to their new uid/gid.


On Wed, May 7, 2014 at 9:40 AM, Enrico Morelli <morelli at cerm.unifi.it> wrote:

> Dear,
>
> I'm porting my working areas' authentication to 389-ds. I have nominal
> user credentials and project credentials. So I have a user and a project
> that have the same POSIX ID but different POSIX group and OU.
>
> EG:
> morelli PosixID: 1000 groupID: 100 OU: Technical Staff
> java    PosixID: 1000 groupID: 900 OU: Project Research
>
> Now under Linux, if I log in with my credentials I find that all my files
> belong to the java project user.
>
> In the system's sssd.conf I have:
>
> access_provider = ldap
> ldap_access_order = filter
> ldap_access_filter = (gidNumber=100)
>
> Is it possible to avoid this problem? I want only the members of a
> given group to be able to log in on some machines. The other
> users/groups must not be visible.
>
> Thanks
> --
> -------------------------------------------------------------
>   Enrico Morelli
>   System Administrator | Programmer | Web Developer
>
>   CERM - Polo Scientifico
>   Via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
>   phone: +39 055 457 4269
>   fax:   +39 055 457 4927
> -------------------------------------------------------------
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
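
An audit for the situation in this thread, added here as an example and not code from either poster or the 389 project: it lists every uidNumber owned by more than one account across a passwd file and an LDIF export, plus the LDAP accounts that sit below the 1000000 floor the reply mentions. The local `backup` account, the `dc=example,dc=org` suffix and the `alice` entry are constructed sample data.

```python
import collections

UID_FLOOR = 1_000_000  # convention from the reply: LDAP IDs live above this
# Constructed sample data; names, DNs and the local account are illustrative.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
backup:x:1000:1000:local backup:/home/backup:/bin/bash
"""
LDIF = """\
dn: uid=morelli,ou=Technical Staff,dc=example,dc=org
uid: morelli
uidNumber: 1000
gidNumber: 100

dn: uid=java,ou=Project Research,dc=example,dc=org
uid: java
uidNumber: 1000
gidNumber: 900

dn: uid=alice,ou=Technical Staff,dc=example,dc=org
uid: alice
uidNumber: 1000042
gidNumber: 1000001
"""

def parse_passwd(text):
    """Yield (name, uid) from passwd(5)-format lines."""
    for f in (l.split(":") for l in text.splitlines() if l.strip()):
        yield f[0], int(f[2])

def parse_ldif(text):
    """Yield (uid, uidNumber) per entry; plain 'attr: value' lines only."""
    for block in text.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        if "uid" in attrs and "uidNumber" in attrs:
            yield attrs["uid"], int(attrs["uidNumber"])

def audit(passwd_text, ldif_text, floor=UID_FLOOR):
    """Return (IDs with more than one owner, LDAP accounts below the floor)."""
    owners = collections.defaultdict(list)
    ldap = list(parse_ldif(ldif_text))
    for src, rows in (("local", parse_passwd(passwd_text)), ("ldap", ldap)):
        for name, uid in rows:
            owners[uid].append((src, name))
    shared = {u: o for u, o in owners.items() if len(o) > 1}
    return shared, sorted(n for n, u in ldap if u < floor)

if __name__ == "__main__":
    print(audit(LOCAL_PASSWD, LDIF))
```

On a real host the inputs would be `/etc/passwd` and an LDIF export of the posixAccount entries; wrapped or base64-encoded LDIF values are not handled by this parser.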