System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

LDAP-UX and duplicate groups

Marcus Serrao
Occasional Contributor

LDAP-UX and duplicate groups

Hi,

I'm a consultant tasked to integrate HP-UX servers (11i, various versions 1,2,3) with LDAP-UX. They have a group called "sas" on each server tied to a SAS application. We are planning on controlling access to each system by using LDAP-UX profiles or pam_authz. The problem is that this group "sas" exists on each server and the client would like the group to remain unique once the passwd and group entries get moved to the LDAP server.

My question is, how does LDAP-UX and the LDAP server handle the same group name from multiple servers with different GIDs?
Our base DN would be something like this:
ou=unix,o=myorg

And our Group "ou" would exist here I guess:
ou=Group,ou=unix,o=myorg

An of course the LDAP server doesn't support having the multiple FQDNs that are the same, like:
cn=sas,ou=Group,ou=unix,o=myorg

Any help?


3 REPLIES
Steven E. Protter
Exalted Contributor

Re: LDAP-UX and duplicate groups

Shalom,

Somewhere, you need to resolve the conflict.

I suggest manipulating the systems and making the sas group the same id on all systems and then proceeding with the integration.

http://www.docs.hp.com/en/15204/CIFSUnifiedLogin.pdf

That doc might help.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Marcus Serrao
Occasional Contributor

Re: LDAP-UX and duplicate groups

That was quick! Wow.
I will review this document you referred to and will inform the client to see what they want to do.
Thank you much SEP!
Marcus Serrao
Occasional Contributor

Re: LDAP-UX and duplicate groups

Will use the advice from SEP's comments.