How to configure the LDAP client to get data from multiple sub domains in the LDAP server?

2012-08-29 Thread Qian Zhang
Hi All, I encountered one issue when configuring the LDAP client. My question is how to configure the LDAP client so that it gets the user and group information from two sub domains. The base domain of the LDAP server is dc=main,dc=com, and under the base domain there is more than one sub

How to enable LDAP ports in iptables for OpenLDAP client node

2012-08-13 Thread Qian Zhang
Hi All, I have a RHEL 6.2 machine which is set up as an OpenLDAP client, and I can log into it with an LDAP user. Now, for security reasons, I need to prohibit any non-root user from accessing the network: # /etc/init.d/iptables status Table: filter Chain INPUT (policy ACCEPT) num target prot opt

Re: How to enable LDAP ports in iptables for OpenLDAP client node

2012-08-13 Thread Qian Zhang
Allow connections to localhost for uid0 then block to anything else. Can you please let me know the logic behind this? Basically, I want to block any non-root user from accessing the network. Thanks, Qian

Re: What will happen if a user is a member of a group, but has another group as its primary group

2012-08-02 Thread Qian Zhang
If your applications use getgrouplist(3), then you can't just ignore the gidNumber (see the manpage for details) from the passwd database, but you could change the gidNumber to match the secondary group if you're not concerned about the default gidNumber. If your applications are PAM aware,

What will happen if a user is a member of a group, but has another group as its primary group

2012-08-01 Thread Qian Zhang
Hi, In my OpenLDAP server, it is possible to set a user as a member of a group while it has another group as its primary group (I am using LDAP Admin as the LDAP client tool). For example, in group1, I can see user1 in its memberUid attribute, but the gidNumber attribute of user1 is group2. I'd like

Re: What will happen if a user is a member of a group, but has another group as its primary group

2012-08-01 Thread Qian Zhang
Thanks Dan! Basically, I also have a concern about performance. Because in that case, when figuring out how many users are in a group, I need to consider not only the group's membership (memberUid) attribute but also the user's gidNumber attribute (I am trying to write a Java application to talk to my

Re: What will happen if there are two users with the same uid in the OpenLDAP server

2012-07-28 Thread Qian Zhang
Do you use something like cn=My Name,ou=Users,dc=example,dc=com with uid in the entry, or uid=ghenry,ou=Users,dc=example,dc=com ? [Qian] Sorry, I am new to LDAP; can you please let me know how to figure out which DN format I am using? By some ldap commands? BTW, I installed and set up

Does OpenLDAP 2.4 support nested groups

2012-07-26 Thread Qian Zhang
Hi, I'd like to know, in OpenLDAP 2.4, if I create a group (objectClass is posixGroup), is it possible to create another group as a member of this group? Or do I have to do this with a group that has groupOfNames as its objectClass? Thanks, Qian