Adding Group Members

Group name: engineering Description: for engineers GID: 387115842

IMPORTANT

Whe n a group is cre ate d without s pe cifying a GID numbe r, the n the group e ntry is as s igne d the ID numbe r that is ne xt available in the s e rve r or re plica range .

(Numbe r range s are de s cribe d more in Se ction 10.8, “Managing Unique UID and GID Numbe r As s ignme nts ”.) This me ans that a group always has a unique numbe r for its GID numbe r.

If a numbe r is manually as s igne d to a group e ntry, the s e rve r doe s not validate that the gidNumber is unique . It will allow duplicate IDs ; this is e xpe cte d (though

dis courage d) be havior for POSIX e ntrie s .

If two e ntrie s are as s igne d the s ame ID numbe r, only the firs t e ntry is re turne d in a s e arch for that ID numbe r. Howe ve r, both e ntrie s will be re turne d in s e arche s for othe r attribute s or with ipa group-find --all.

NOTE

You cannot e dit the group name . The group name is the primary ke y, s o changing it is the e quivale nt of de le ting the group and cre ating a ne w one .

10.10.2.2. Adding Group Members

10 .10 .2.2.1. Wit h t he Web UI (Gro up Page)

NOTE

This proce dure adds a us e r to a group. Us e r groups can contain othe r us e r groups as the ir me mbe rs . The s e are nested groups .

It can take up to s e ve ral minute s for the me mbe rs of the child group to s how up as me mbe rs of the pare nt group. This is e s pe cially true on virtual machine s whe re the ne s te d groups have more than 500 me mbe rs .

Whe n cre ating ne s te d groups , be care ful not to cre ate recursive groups . For e xample , if GroupA is a me mbe r of GroupB, do not add GroupB as a me mbe r of GroupA. Re curs ive groups are not s upporte d and can caus e unpre dictable be havior.

1. Ope n the Identity tab, and s e le ct the User Groups s ubtab.

2. Click the name of the group to which to add me mbe rs .

3. Click the Add link at the top of the tas k are a.

4. Click the che ckbox by the name s of the us e rs to add, and click the right arrows button, >>, to move the name s to the s e le ction box.

⁠Chapt e r 10. Managing Use rs and Use r Gro ups

5. Click the Add button.

Group me mbe rs can be us e rs or othe r us e r groups . It can take up to s e ve ral minute s for the me mbe rs of the child group to s how up as me mbe rs of the pare nt group. This is e s pe cially true on virtual machine s whe re the ne s te d groups have more than 500 me mbe rs .

10 .10 .2.2.2. Wit h t he Web UI (User's Page)

Us e rs can als o be adde d to a group through the us e r's page . 1. Ope n the Identity tab, and s e le ct the Users s ubtab.

2. Click the name of the us e r to e dit.

3. Ope n the User Groups tab on the us e r e ntry page .

4. Click the Add link at the top of the tas k are a.

5. Click the che ckbox by the name s of the groups for the us e r to join, and click the right arrows button, >>, to move the groups to the s e le ction box.

6. Click the Add button.

10 .10 .2.2.3. Wit h t he Co mmand Line

Me mbe rs are adde d to a group us ing the group-add-member command. This command can add both us e rs as group me mbe rs and othe r groups as group me mbe rs .

⁠Chapt e r 10. Managing Use rs and Use r Gro ups

The s yntax of the group-add-member command re quire s only the group name and the us e rs or groups to add. Lis ts of e ntrie s can be s e t by us ing the option multiple time s with the s ame command invocation or by lis ting the options in a comma-s e parate d lis t ins ide curly brace s , s uch as --option={val1,val2,val3}.

[bjensen@server ~]$ ipa group-add-member groupName [--users=user1 ...]

A group me mbe r is re move d us ing the group-remove-member command.

[bjensen@server ~]$ ipa group-remove-member engineering --users=jsmith Group name: engineering

Description: for engineers GID: 855800009

Member users: bjensen,mreynolds

---Number of members removed 1

---10 .---10 .2.2.4. Viewing Direct and Indirect Members o f a Gro up

Us e r groups can contain othe r us e r groups as me mbe rs . This is calle d a nested group.

This als o me ans that a group has two type s of me mbe rs : Direct members, which are adde d e xplicitly to the group

Indirect members, which are me mbe rs of the group be caus e the y are me mbe rs of anothe r us e r group which is a me mbe r of the group

The IdM we b UI has an e as y way to vie w dire ct and indire ct me mbe rs of a group. The me mbe rs lis t is filte re d by me mbe r type , and this can be toggle d by s e le cting the Direct and Indirect radio buttons at the top right corne r of the me mbe rs lis t.

Figure 10 .4. Indirect and Direct Members

Be ing able to track indire ct me mbe rs make s it e as ie r to as s ign group me mbe rs hip prope rly, without duplicating me mbe rs hip.