On Wednesday, 10 August 2011 10:11:17 pradyumna dash wrote: > Guys, > > I have a query, lets take a scenario : > > Assume we have 2 servers "Server1" and "Server2" and 2 groups "Admin" and > "ITTech", What is needed is like say when a user "bob" logging > in to "Server1" he will get the group "Admin", but when he logs in to > "Server2" he will get group "ITTech". Also it may vary for different users > like when "Kris" logs in to Server1 he may get a group called "ITTech" and > when he logs in to "Server2" he will get some other group say "Security". > Can it be possible by OpenLDAP ?
IMHO, this is a bad idea. It will specifically be problematic if you have any files shared/replicated/backed up between servers (e.g. via NFS). > If this is achieved then we are planning > to have SUDO files based on the grooups. It would be much more effective to have your sudo rules in LDAP, and apply a rule to a set of users/groups to a collection/netgroup of hosts. Regards, Buchan
