24.4.7 Adding a Group to LDAP

If you configure users in user private groups (UPGs), define that group along with the user. See Section 24.4.8, “Adding a User to LDAP”.

To add a group to LDAP:

  1. Create an LDIF file that defines the group, for example employees-group.ldif:

    # Group employees
    dn: cn=employees,ou=Groups,dc=mydom,dc=com
    cn: employees
    gidNumber: 626
    objectClass: top
    objectclass: posixGroup
  2. If you have configured LDAP authentication, use the following command to add the group to LDAP:

    # ldapadd -cxWD "cn=admin,dc=mydom,dc=com" -f employees-group.ldif
    Enter LDAP Password: admin_password
    adding new entry "cn=employees,ou=Groups,dc=mydom,dc=com"

    If you have configured Kerberos authentication, use kinit to obtain a ticket granting ticket (TGT) for the admin principal, and use this form of the ldapadd command:

    # ldapadd -f employees-group.ldif
  3. Verify that you can locate the group in LDAP:

    # ldapsearch -LLL -x -b "dc=mydom,dc=com" gidNumber=626
    dn: cn=employees,ou=Groups,dc=mydom,dc=com
    cn: employees
    gidNumber: 626
    objectClass: top
    objectClass: posixGroup

For more information, see the ldapadd(1) and ldapsearch(1) manual pages.