
I have a group in my LDAP ('devteam') that I use for login on all the machines in the fleet.

I would like all these users to also belong to the group 'docker', that allows them to manipulate the docker daemon.

The problem is this: I don't want to have to add the user twice (once in devteam, then in docker), so I'd like the docker group to have the same members as the devteam group.

I have tried to set up a group like this:

dn: cn=docker,ou=groups,ou=corporate,dc=company,dc=com
objectClass: groupOfNames
objectClass: posixGroup
objectClass: top
cn: docker
gidNumber: 10006
member: cn=devteam,ou=groups,ou=corporate,dc=company,dc=com

Which I found here: https://docs.oracle.com/cd/E23824_01/html/821-1455/gladg.html

But this does not work: when I log in to a machine, I only belong to the "devteam" group.

I also tried to use objectClass = alias and set the docker group as an alias of the devteam group, but then I can't have a "cn" that says docker, due to the way the schema is defined.

How can I do that?

(note: I'm using OpenDJ as LDAP server)

Gui13
  • Use a [nested group](http://docs.oracle.com/cd/E19450-01/820-6169/defining-nested-groups.html) instead? – HBruijn Sep 01 '16 at 09:28

1 Answer


cn=devteam,ou=groups,ou=corporate,dc=company,dc=com needs to be an existing posixGroup with a distinct gidNumber.

Additionally, your group name resolver, be it nslcd or sssd, needs to use the rfc2307bis schema. Most of them use rfc2307 by default.

84104
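To make the two points in the answer concrete, here is an added example that is not part of the question or answer and is not OpenDJ, nslcd or sssd code: a small Python model of how a name-service resolver flattens LDAP groups under the rfc2307 schema (memberUid values only, no nesting) versus rfc2307bis (member DNs, expanded recursively up to a nesting level). The directory it runs against is constructed in memory with made-up DNs and gidNumbers; the rule that only a posixGroup carrying a gidNumber is expanded follows the answer's first requirement, and the default nesting depth of 2 mirrors sssd's ldap_group_nesting_level default. The "alice gets only devteam" result under rfc2307 is exactly the symptom described in the question.

```python
"""Model of rfc2307 vs rfc2307bis group flattening by an LDAP name resolver.

Added example, not the poster's configuration and not resolver code: it
reproduces the documented behaviour on a constructed in-memory directory so
the effect of the schema setting and of nested POSIX groups can be seen
without a server.
"""
from typing import Dict, List, Set

# An entry is attribute -> list of values; a directory is DN -> entry.
Entry = Dict[str, List[str]]
Directory = Dict[str, Entry]

BASE = "ou=corporate,dc=company,dc=com"  # assumed suffix, as in the question


def user_dn(uid: str) -> str:
    return f"uid={uid},ou=people,{BASE}"


def group_dn(cn: str) -> str:
    return f"cn={cn},ou=groups,{BASE}"


POSIX_GROUP_CLASSES = ["groupOfNames", "posixGroup", "top"]

# Constructed sample directory (not real data).
SAMPLE_DIRECTORY: Directory = {
    user_dn("alice"): {"objectClass": ["posixAccount"], "uid": ["alice"], "uidNumber": ["10001"]},
    user_dn("bob"): {"objectClass": ["posixAccount"], "uid": ["bob"], "uidNumber": ["10002"]},
    # devteam: a real POSIX group with its own gidNumber, carrying both the
    # rfc2307 memberUid values and the rfc2307bis member DNs.
    group_dn("devteam"): {
        "objectClass": POSIX_GROUP_CLASSES, "cn": ["devteam"], "gidNumber": ["10005"],
        "memberUid": ["alice", "bob"],
        "member": [user_dn("alice"), user_dn("bob")],
    },
    # docker: the poster's entry, whose only member is the devteam group DN.
    group_dn("docker"): {
        "objectClass": POSIX_GROUP_CLASSES, "cn": ["docker"], "gidNumber": ["10006"],
        "member": [group_dn("devteam")],
    },
    # pager nests oncall, which is a groupOfNames without gidNumber: under the
    # answer's rule it is not a POSIX group and will not be expanded.
    group_dn("oncall"): {"objectClass": ["groupOfNames", "top"], "cn": ["oncall"], "member": [user_dn("bob")]},
    group_dn("pager"): {
        "objectClass": POSIX_GROUP_CLASSES, "cn": ["pager"], "gidNumber": ["10007"],
        "member": [group_dn("oncall")],
    },
}


def is_posix_group(entry: Entry) -> bool:
    """A group the resolver will serve: posixGroup with a gidNumber (answer, point 1)."""
    return "posixGroup" in entry.get("objectClass", []) and bool(entry.get("gidNumber"))


def resolve_rfc2307(directory: Directory, dn: str) -> Set[str]:
    """rfc2307: members are the memberUid values only; 'member' DNs are never read,
    so a nested group contributes nothing."""
    entry = directory.get(dn, {})
    return set(entry.get("memberUid", [])) if is_posix_group(entry) else set()


def resolve_rfc2307bis(directory: Directory, dn: str, nesting_level: int = 2) -> Set[str]:
    """rfc2307bis: members are DNs in 'member'. A user DN contributes its uid; a
    POSIX group DN is expanded recursively, at most nesting_level levels deep.
    Visited groups are skipped so a membership cycle terminates."""
    members: Set[str] = set()
    seen: Set[str] = set()

    def walk(group: str, depth: int) -> None:
        if group in seen or depth > nesting_level:
            return
        seen.add(group)
        entry = directory.get(group, {})
        if not is_posix_group(entry):
            return
        for member_dn in entry.get("member", []):
            target = directory.get(member_dn, {})
            if "posixAccount" in target.get("objectClass", []):
                members.update(target.get("uid", []))
            elif is_posix_group(target):
                walk(member_dn, depth + 1)
            # non-POSIX groups and dangling DNs are ignored

    walk(dn, 0)
    return members


def groups_for_user(directory: Directory, uid: str, schema: str, nesting_level: int = 2) -> List[str]:
    """What `id <uid>` would report: the cn of every POSIX group containing uid."""
    found = []
    for dn, entry in directory.items():
        if not is_posix_group(entry):
            continue
        if schema == "rfc2307":
            members = resolve_rfc2307(directory, dn)
        elif schema == "rfc2307bis":
            members = resolve_rfc2307bis(directory, dn, nesting_level)
        else:
            raise ValueError(f"unknown schema {schema!r}")
        if uid in members:
            found.append(entry["cn"][0])
    return sorted(found)


def cyclic_directory() -> Directory:
    """The sample directory plus two POSIX groups that nest each other (constructed)."""
    d = dict(SAMPLE_DIRECTORY)
    d[group_dn("a")] = {"objectClass": POSIX_GROUP_CLASSES, "cn": ["a"], "gidNumber": ["10010"],
                        "member": [group_dn("b"), user_dn("alice")]}
    d[group_dn("b")] = {"objectClass": POSIX_GROUP_CLASSES, "cn": ["b"], "gidNumber": ["10011"],
                        "member": [group_dn("a")]}
    return d


if __name__ == "__main__":
    for schema in ("rfc2307", "rfc2307bis"):
        print(f"{schema}: alice -> {groups_for_user(SAMPLE_DIRECTORY, 'alice', schema)}")
```

In practice the switch is the resolver's schema setting: for sssd, `ldap_schema = rfc2307bis` in the domain section, with `ldap_group_nesting_level` bounding the recursion (default 2); nslcd has an `nss_nested_groups` option for the same purpose. Note that once the nesting resolves, every devteam member is in docker, and docker membership is root-equivalent on each host, so adding someone to devteam is from then on a root grant across the fleet; the nesting level is also what stops an intermediate group added deep in the tree from propagating further than intended.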