System Administration
Showing results for 
Search instead for 
Did you mean: 

LDAP-UX and duplicate groups

Marcus Serrao
Occasional Contributor

LDAP-UX and duplicate groups


I'm a consultant tasked to integrate HP-UX servers (11i, various versions 1,2,3) with LDAP-UX. They have a group called "sas" on each server tied to a SAS application. We are planning on controlling access to each system by using LDAP-UX profiles or pam_authz. The problem is that this group "sas" exists on each server and the client would like the group to remain unique once the passwd and group entries get moved to the LDAP server.

My question is, how does LDAP-UX and the LDAP server handle the same group name from multiple servers with different GIDs?
Our base DN would be something like this:

And our Group "ou" would exist here I guess:

An of course the LDAP server doesn't support having the multiple FQDNs that are the same, like:

Any help?

Steven E. Protter
Exalted Contributor

Re: LDAP-UX and duplicate groups


Somewhere, you need to resolve the conflict.

I suggest manipulating the systems and making the sas group the same id on all systems and then proceeding with the integration.

That doc might help.

Steven E Protter
Owner of ISN Corporation
Marcus Serrao
Occasional Contributor

Re: LDAP-UX and duplicate groups

That was quick! Wow.
I will review this document you referred to and will inform the client to see what they want to do.
Thank you much SEP!
Marcus Serrao
Occasional Contributor

Re: LDAP-UX and duplicate groups

Will use the advice from SEP's comments.