0

I have a group in my LDAP ('devteam') that I use for login on all machines of the fleet.

I would like all these users to also belong to the group 'docker', which allows them to manipulate the docker daemon.

The problem is this: I don't want to have to add the user twice (once in devteam, then in docker), so I'd like the docker group to have the same members as the devteam group.

I have tried to have a group set like this:

    dn: cn=docker,ou=groups,ou=corporate,dc=company,dc=com
    objectClass: groupOfNames
    objectClass: posixGroup
    objectClass: top
    cn: docker
    gidNumber: 10006
    member: cn=devteam,ou=groups,ou=corporate,dc=company,dc=com

Which I found here: https://docs.oracle.com/cd/E23824_01/html/821-1455/gladg.html

But this does not work: when I log in to a machine, I only belong to the "devteam" group.

I also tried to use objectClass = alias and set the docker group as an alias of the devteam group, but then I can't have a "cn" that says docker, due to the way the schema is done.

How can I do that?

(note: I'm using OpenDJ as LDAP server)

1
  • Use a nested group instead? Commented Sep 1, 2016 at 9:28

1 Answer

0

cn=devteam,ou=groups,ou=corporate,dc=company,dc=com needs to be an existing posixGroup with a distinct gidNumber.

Additionally, your group namespace resolver, be it nslcd or sssd, needs to use rfc2307bis schema. Most of them generally used rfc2307 by default.
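
Added example (not part of the original answer): a small Python model of how a resolver computes the members of `docker` under each schema, which shows why the nested `member` DN is ignored with rfc2307 and expanded with rfc2307bis. The directory contents, the users `alice` and `bob`, the devteam `gidNumber` and the `max_depth` parameter are constructed assumptions, and DNs are compared as plain strings for simplicity.

```python
# Constructed sample directory (not from the original post): DN -> attributes.
BASE = "ou=corporate,dc=company,dc=com"
DEVTEAM_DN = f"cn=devteam,ou=groups,{BASE}"
DOCKER_DN = f"cn=docker,ou=groups,{BASE}"
DIRECTORY = {
    f"uid=alice,ou=people,{BASE}": {"objectClass": ["posixAccount"], "uid": ["alice"]},
    f"uid=bob,ou=people,{BASE}": {"objectClass": ["posixAccount"], "uid": ["bob"]},
    DEVTEAM_DN: {
        "objectClass": ["groupOfNames", "posixGroup"], "gidNumber": ["10005"],
        "member": [f"uid=alice,ou=people,{BASE}", f"uid=bob,ou=people,{BASE}"],
    },
    DOCKER_DN: {
        "objectClass": ["groupOfNames", "posixGroup"], "gidNumber": ["10006"],
        "member": [DEVTEAM_DN],
    },
}

def members_rfc2307(group_dn, directory=DIRECTORY):
    """rfc2307: only memberUid (plain login names) is read; member DNs are ignored."""
    return set(directory[group_dn].get("memberUid", []))

def members_rfc2307bis(group_dn, directory=DIRECTORY, max_depth=2):
    """rfc2307bis: follow member DNs, expanding nested groups up to max_depth levels."""
    users, seen = set(), set()
    stack = [(group_dn, 0)]
    while stack:
        dn, depth = stack.pop()
        if dn in seen:            # guards against membership loops
            continue
        seen.add(dn)
        entry = directory.get(dn)
        if entry is None:         # dangling member reference
            continue
        if "posixAccount" in entry["objectClass"]:
            users.update(entry["uid"])
        elif depth <= max_depth:  # a group: expand it only within the nesting limit
            stack.extend((m, depth + 1) for m in entry.get("member", []))
    return users

if __name__ == "__main__":
    print("rfc2307   :", sorted(members_rfc2307(DOCKER_DN)))
    print("rfc2307bis:", sorted(members_rfc2307bis(DOCKER_DN)))
```

Because membership of `docker` gives control of the docker daemon, the expanded set is the one to review when auditing who holds that access: anyone later added to `devteam` inherits it.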
