Prior to the introduction of RBAC (Role Based Access Control), NVOS supported three types of users. User privileges are managed through the LDAP server by assigning users to specific LDAP groups. Membership in these groups determined the operations that a user was authorized to perform.

Admin privileged users (nv set, nv config apply): 1000(admin), 4(adm), 27(sudo), 999(docker), 1001(redis), 997(nvset), 996(nvapply) Monitor privileged users (nv show): 4(adm), 998(nvshow) Non-privileged users (no nv commands access)

With RBAC, the types of users can differ and change. The LDAP server configuration assigns them to specific groups. The GID is now unique by default and can be assigned to any GID by design.

Admin privileged users: 4(adm), 27(sudo), 999(docker), 1001(redis), 998(nvaction), 995(nvapply) (only nvaction and nvapply were affected) Monitor privileged users: 4(adm), 997(nvshow) Non-privileged users: No NV commands access

Below is an example of configuring LDAP server groups. This configuration allows you to define a group of LDAP servers with common settings while enabling server-specific overrides when necessary.

dn: cn=nvset,ou=People,dc=itzgeek,dc=local objectClass: posixGroup cn: nvaction gidNumber: 998 memberUid: adminuser




