21.3. Creating Netgroups
21.3.1. Adding a Netgroup
To add a Netgroup, you can use:
- the IdM web UI (see the section called “Web UI: Adding a Netgroup”)
- the command line (see the section called “Command Line: Adding a Netgroup”)
Web UI: Adding a Netgroup
- Select
- Click Add.
- Enter a unique name and, optionally, a description. The group name is the identifier used for the netgroup in the IdM domain. You cannot change it later.
- Click to save the changes and to start editing the entry.
- The default NIS domain is set to the IdM domain name. Optionally, you can enter the name of the alternative NIS domain in the NIS domain name field.
Figure 21.1. Netgroup Tab
The NIS domain name field sets the domain that appears in the netgroup triple. It does not affect which NIS domain the Identity Management NIS listener responds to.
- Add members, as described in the section called “Web UI: Adding Members to a Netgroup”.
- Click.
Command Line: Adding a Netgroup
You can add a new netgroup using the ipa netgroup-add command. Specify:
- the group name.
- optionally, a description.
- optionally, the NIS domain name if it is different than the IdM domain name.
Note
The --nisdomain option sets the domain that appears in the netgroup triple. It does not affect which NIS domain the Identity Management listener responds to.
For example:
[root@server ~]# ipa netgroup-add --desc="Netgroup description" --nisdomain="example.com" example-netgroup
To add members to the netgroup, see the section called “Command Line: Adding Members to a Netgroup”.
21.3.2. Adding Members to a Netgroup
Besides users and hosts, netgroups can contain user groups, host groups, and other netgroups (nested groups) as members. Depending on the size of a group, it can take up to several minutes after you create a nested group for the members of the child group to show up as members of the parent group.
To add members to a Netgroup, you can use:
- the IdM web UI (see the section called “Web UI: Adding Members to a Netgroup”)
- the command line (see the section called “Command Line: Adding Members to a Netgroup”)
Warning
Do not create recursive nested groups. For example, if GroupA is a member of GroupB, do not add GroupB as a member of GroupA. Recursive groups are not supported and can cause unpredictable behavior.
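The warning above names the direct two-group case; the same recursion also arises through longer chains of nested netgroups. The following Python check is an added example, not part of the original documentation: it tests a proposed nested membership against a membership map before you add it. The map NESTED, its contents, and the function names are constructed for illustration and are assumptions, not IdM data or IdM APIs.

```python
# Added example: the membership data below is constructed, not read from IdM.
from typing import Dict, List, Optional, Set

# Constructed sample: netgroup name -> netgroups it directly contains.
NESTED: Dict[str, Set[str]] = {
    "GroupB": {"GroupA"},   # GroupA is a member of GroupB
    "GroupC": {"GroupB"},   # GroupB is a member of GroupC
    "GroupD": set(),        # GroupD has no nested netgroups
}


def find_path(members: Dict[str, Set[str]], start: str,
              target: str) -> Optional[List[str]]:
    """Return the containment chain start -> ... -> target, or None."""
    stack = [(start, [start])]
    seen: Set[str] = set()
    while stack:
        node, path = stack.pop()
        if node == target:
            return path
        if node in seen:
            continue  # already explored; also guards against existing loops
        seen.add(node)
        for child in sorted(members.get(node, ())):
            stack.append((child, path + [child]))
    return None


def recursion_if_added(members: Dict[str, Set[str]], parent: str,
                       child: str) -> Optional[List[str]]:
    """Return the loop that adding `child` to `parent` would close.

    The addition is recursive when `child` already contains `parent`,
    directly or through other netgroups, or when both names are equal.
    Returns None when the addition does not create a recursive group.
    """
    if parent == child:
        return [parent, child]
    path = find_path(members, child, parent)
    if path is None:
        return None
    return [parent] + path
```

A non-None result lists the chain of netgroups that would form the loop, so the membership can be rejected before it is added.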
Web UI: Adding Members to a Netgroup
To add members to a netgroup using the Web UI:
- Select
- Click the name of the netgroup to which to add members.
- Click next to the required member type.
- Select the members you want to add, and click to confirm.
Figure 21.3. Add User Menu in the Netgroup Tab
- Click.
Command Line: Adding Members to a Netgroup
After you have created the netgroup, you can add members using the ipa netgroup-add-member command:
# ipa netgroup-add-member --users=user_name --groups=group_name --hosts=host_name \
      --hostgroups=host_group_name --netgroups=netgroup_name group_name
To set more than one member, use a comma-separated list inside a set of curly braces. For example:
[root@server ~]# ipa netgroup-add-member --users={user1,user2,user3} \
      --groups={group1,group2} example-group