2

I'm attempting to add some of our LDAP users to a locally defined group on our RHEL server; however, I get an error stating that the LDAP user is not found in /etc/passwd.

What would be the best way to allow LDAP users to be added to local groups?

My feeling is that this must be done manually. I could edit: /etc/group and add the LDAP group to the list. Would that be ideal?

[server]# id apache
uid=409(apache) gid=409(apache) groups=409(apache) context=user_u:system_r:unconfined_t:s0
[server]# id john.doe
uid=11389(john.doe) gid=6097(ABC_Corporate_US) groups=6097(ABC_Corporate_US) context=user_u:system_r:unconfined_t:s0
[server]# /usr/sbin/usermod -a -G apache john.doe
usermod: john.doe not found in /etc/passwd

OS: RHEL (Red Hat Enterprise Linux Server release 5.3 (Tikanga)) Note: Updating the OS on this machine is not an option.

Highway of Life

2 Answers

4

Your version of usermod doesn't support LDAP. This was fixed in newer versions of RHEL:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.5_Technical_Notes/shadow-utils.html

arr
  • That means he could probably edit /etc/group manually to add the users then? – Yanick Girouard Mar 02 '12 at 19:23
  • While this may be true that the current version is out of date, it doesn't really answer the question (which is: How do you get around it in the current version posted?). I may not have permission to update RHEL. – Highway of Life Mar 03 '12 at 01:43
3

I discovered that this can be achieved using the gpasswd command.

gpasswd -a john.doe apache
Highway of Life
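
Once directory accounts are added to local groups this way, /etc/group holds member names that have no entry in /etc/passwd. The following added example (not part of the original posts) lists those memberships so the resulting access can be reviewed; the function name `nonlocal_members`, the sample files and the user `jane.roe` are constructed for illustration.

```shell
#!/bin/sh
# Added example: report members of local groups that have no entry in the
# local passwd file (accounts supplied by LDAP/NSS, or stale names).

# nonlocal_members GROUP_FILE PASSWD_FILE  ->  prints "group:member" lines
nonlocal_members() {
    awk -F: '
        # Pass 1 (passwd file): remember every locally defined account name.
        FILENAME == ARGV[1] { is_local[$1] = 1; next }
        # Pass 2 (group file): skip comments, NIS compat lines, empty lists.
        /^[#+-]/ || $4 == "" { next }
        {
            n = split($4, member, ",")
            for (i = 1; i <= n; i++)
                if (member[i] != "" && !(member[i] in is_local))
                    print $1 ":" member[i]
        }
    ' "$2" "$1"
}

# Constructed sample data mirroring the session above (not real system files).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:409:409:Apache:/var/www:/sbin/nologin
EOF
cat > "$demo_dir/group" <<'EOF'
root:x:0:root
apache:x:409:john.doe
wheel:x:10:root,jane.roe
EOF

# Prints apache:john.doe and wheel:jane.roe for the sample files.
nonlocal_members "$demo_dir/group" "$demo_dir/passwd"
rm -rf "$demo_dir"
```

On a real host, call it as `nonlocal_members /etc/group /etc/passwd`. Any reported name that `getent passwd NAME` also fails to resolve no longer exists in the directory and is a stale membership.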