I do agree that this is closer to what I'm looking for, but the first problem I see is that I wanted to allow Groups of people to login to Groups of servers like: cn=www,ou=Group,dc=example,dc=com is a group of www servers. cn=Unix,ou=Group,dc=example,dc=com is a group of Unix users. So basically, on the people in the Unix group, can login to the www servers, and so forth. Is there any way, other than client side pam modules, such as: http://www.splitbrain.org/projects/pam_require That will allow this to work? Thanks again everyone. On Tue, 2006-01-03 at 08:02 -0700, Richard Megginson wrote: > Does this help? http://directory.fedora.redhat.com/wiki/Howto:Posix > > Michael Montgomery wrote: > > >I've been searching through both the openldap, and this mailing list for > >any reference to defining server-side ACLs to allow/restrict access to > >certain computers, or groups of computers based on the group that the > >user is associated with. One reference I found was this: > > > >http://www.openldap.org/lists/openldap-software/200408/msg00280.html > > > >But there are no responses to this query. > > > >Neither the OReilly, or the "Understanding and Deploying Ldap Directory > >Services" books I have make any solid mention of this either, and online > >searching has uncovered little, at best. > > > >Does anyone have any ideas if this is even possible, and if it is, are > >there any references I can use as a template to begin implementation and > >testing of this? > > > >Thanks for any help you can offer. > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
