FDS is very similar to SUN ONE DS5.2. I think netgroup (+@netgroupXXX in /etc/passwd and /etc/shadow and "compat" keyword in /etc/nsswitch.conf) LDAP maps could be set up to achieve what you want; it has been used by many DS5.2 administrators.

See: http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20OpenLDAP%20for%20RedHat%20Enterprise%20Linux3.htm
Step 5Y: Configure "netgroup" to work with RedHat or Solaris Native LDAP Clients (i.e. controlling user access to host using netgroup LDAP maps)

Also see: http://swforum.sun.com/jive/thread.jspa?threadID=52764&messageID=223846#223846
Configuring LDAP netgroups

Gary

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Jason Hane
Sent: Thursday, December 08, 2005 3:51 AM
To: fedora-directory-users at redhat.com
Subject: Host Access Based on Group Membership

I've been searching everywhere for the past week and haven't found a solution. I would like to be able to assign access to servers based upon membership to a group or role. For example, if I create a group/role called "Web Servers", everyone in that group can access all the web servers. Everyone in the group/role "Database Servers" would be allowed to log into the database servers. Users can be part of multiple groups.

There has to be a way to do this already. All the clients are running OpenLDAP and can already authenticate to the Directory Server. To implement this solution, would I have to change ldap.conf or system-auth?

Thanks,
Jason
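Added example, not part of the original thread and not code from Fedora DS or glibc: a small Python model of how "compat" mode decides whether a user has an account on a host from the `+@netgroup` / `-@netgroup` lines in /etc/passwd and the netgroup triples stored in LDAP. The netgroup names, user names, file contents and function names are all constructed for illustration.

```python
import re

# Constructed sample data (assumption, not from the thread): nisNetgroup
# entries (RFC 2307) reduced to name -> nisNetgroupTriple / memberNisNetgroup.
NETGROUPS = {
    "webadmins":   {"triples": ["(,alice,)", "(,bob,)"], "members": []},
    "dbadmins":    {"triples": ["(,carol,)"], "members": []},
    "contractors": {"triples": ["(,bob,)"], "members": []},
    "allservers":  {"triples": [], "members": ["webadmins", "dbadmins"]},
}
# Constructed /etc/passwd contents for a web server and a database server.
WEB_HOST_PASSWD = ["root:x:0:0:root:/root:/bin/bash",
                   "-@contractors", "+@webadmins::::::"]
DB_HOST_PASSWD = ["root:x:0:0:root:/root:/bin/bash", "+@allservers::::::"]

TRIPLE = re.compile(r"^\(([^,]*),([^,]*),([^,]*)\)$")  # (host,user,domain)

def in_netgroup(group, user, seen=None):
    """True if user is named by a triple of group or of a nested netgroup."""
    seen = set() if seen is None else seen
    if group in seen or group not in NETGROUPS:  # loop guard, unknown group
        return False
    seen.add(group)
    for triple in NETGROUPS[group]["triples"]:
        m = TRIPLE.match(triple.replace(" ", ""))
        # An empty user field is a wildcard; "-" means "no valid value".
        if m and m.group(2) != "-" and m.group(2) in ("", user):
            return True
    return any(in_netgroup(g, user, seen) for g in NETGROUPS[group]["members"])

def compat_resolves(passwd_lines, user):
    """Walk the file top to bottom; the first entry that matches decides."""
    for line in passwd_lines:
        name = line.split(":", 1)[0]
        if name == user:                      # ordinary local account
            return True
        if name.startswith("-@") and in_netgroup(name[2:], user):
            return False                      # excluded before any "+" entry
        if name.startswith("+@") and in_netgroup(name[2:], user):
            return True
        if name == "-" + user:
            return False
        if name in ("+" + user, "+"):         # single user, or everyone
            return True
    return False                              # never listed: no account here

if __name__ == "__main__":
    for u in ("alice", "bob", "carol"):
        print(u, compat_resolves(WEB_HOST_PASSWD, u), compat_resolves(DB_HOST_PASSWD, u))
```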