I have an LDAP server with users and groups.
Also, another server that is using the first one for the accounts.
Users from LDAP can log in to the second server.
I can add groups to the users in LDAP.
I tried to add a group (the group exists only in LDAP) to a system user in the second server without any luck. Is it possible?
Thanks!
Best Answer
I have searched for the answer to the same question (as you can see).
My conclusion is that you cannot assign an LDAP group to a user that exists locally only.
These are two worlds:
- either the user (and its groups) are local
- or they are not, i.e. all is stored in the directory.
For example: what would happen if the user already has a primary group that is local, and you tried to add a secondary group to that user? Usually, that would be stored in /etc/group, but in this case it would have to modify the directory, which it probably can't.
So I guess that's a no-go.