2.5 Adding the edirAdmin User Group

In eDirectory 9.2.7 release, eDirAdmin Fixed Group name has been removed. It has been modified to incorporate the current behavior. It's flexible, configurable, modifiable and is optional (not mandatory). New installation will not create edirAdmin group. It will give an option to enter a group name, if given it will be used in place of edirAdmin. Group name can be set using -g option in ndsconfig new/add/upgrade option. User has to enter a valid and existing group name in -g option. There should not be a gap between -g and groupname (-g <groupname>). The group name given will be stored in configuration file as "n4u.server.osgroup-name". If empty, it will not be used, otherwise used to set restrictions on selected directories. The user which creates the instance, should be part of the group to set the restrictions. It is optional and if not given, it is assumed that no group setting has to be made. For upgrade/migration from 9.2.5/9.2.6, edirAdmin is already the owner, the configuring user has to be part of that group as well.

NOTE:The following edirAdmin User Group settings are applicable for 9.2.5 and 9.2.6 versions of eDirectory.

In eDirectory 9.2.5 release, a new edirAdmin user group is added to eDirectory during installation. This user group has access permission to the directories where the data, log, and configuration files are installed. Any user added to this group will have the group permissions assigned to these directories.

During root installation and configuration, the installer creates the edirAdmin user group by default. However, for non-root installation and configuration, this group must be manually created before upgrading or installing the latest version of the eDirectory. After creating the group, you must ensure that user is added to this group to be able to able to configure eDirectory server instances using his or her individual tarball installation, or by using a binary installation. On the other hand, when a non-root user performs configuration for root installed eDirectory, the group is added as part of installation. You must ensure that the user is added to this group, else they might encounter errors while configuring eDirectory using the ndsconfig utility.

On the server where eDirectory is installed, open a terminal and run the following commands:

  • To add the edirAdmin group, run groupadd edirAdmin

  • To add a user to the edirAdmin group, run usermod -a -G edirAdmin <username>

    Where <username> is the name of the user. For example, to add the user John to the edirAdmin group, you must execute the command:

    $ usermod -a -G edirAdmin john

NOTE:Before adding the user to the edirAdmin user group, the administrator must ensure that the user is not logged in to the server through any terminal session. After adding, the user can login and configure eDirectory using the ndsconfig utility.