Re: [389-users] getent group doesnt show any ldap groups

On Tue, 2010-05-04 at 20:13 -0400, Rick Dicaire wrote:
> On Tue, May 4, 2010 at 7:31 PM, John A. Sullivan III
> <jsullivan@xxxxxxxxxxxxxxxxxxx> wrote:
> > Sure - go to the advanced properties of the group.  Look at the
> > objectclass attribute.  If it does not contain posixgroup (I believe
> > that's the correct value - I'm not looking at my 389 right now), click
> > in the list of values and then click add value.  Choose posixgroup from
> > the list.
> >
> > Then click on add attribute and choose memberuid from the list.  There
> > will be a blank field for memberuid.  Enter the first uid.  To enter
> > additional uids, click add value and enter the new uid - John
> 
> John, thanks, this is great....I decided to try something based on
> this. Since both users I'd added have the same gid, I noticed a
> gidnumber field was added when I added posixgroup to Object class. I
> set this field's value to that of the users' gid. I removed the
> previously added memberuid attribute that had the uid values of the
> two users:
> 
> ardy@daw1~$ getent group guitar
> guitar:*:1200:graz,mraz
> ardy@daw1~$ id graz
> uid=1200(graz) gid=1200(guitar) groups=1200(guitar)
> ardy@daw1~$ id mraz
> uid=1201(mraz) gid=1200(guitar) groups=1200(guitar)
> 
> Seems to me, at this juncture, it's unnecessary to add the memberuid
> attribute and fill it with uid values?
> 
> Some more experimenting, added another group, added posixgroup to
> Object class, set the gidnumber for the group, added the same two
> users to it:
> 
> ardy@daw1~$ getent group amplifier
> amplifier:*:1201:graz,mraz
> ardy@daw1~$ id graz
> uid=1200(graz) gid=1200(guitar) groups=1200(guitar),1201(amplifier)
> ardy@daw1~$ id mraz
> uid=1201(mraz) gid=1200(guitar) groups=1200(guitar),1201(amplifier)
> 
> Now, while getent shows all groups for a user, is there a way to see
> all the groups a specific user is in with 389-console? I'm not seeing
> any secondary groups in advanced properties for the user.
> 
> Thanks again John, this really helped!
> 
I'm pulling this out of memory so you may want to verify it.  We do have
a memberof attribute for our users.  I believe it is populated via a
memberof plugin.  There is documentation on it.  We implemented it when
it was first released and it was a little temperamental.  I don't recall
all the issues off-hand but I think it required the users to have an
objectclass which was not added by default - perhaps inetuser.  In any
event, there is good documentation and a very extensive email thread in
the archives.  Glad to be of assistance - John

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
