I had a similar question a few weeks ago. I wanted to be able to assign a list of users access to only a specific number of computers. This is the response I got from Gary Tay:

FDS is very similar to SUN ONE DS5.2, I think netgroup (+@netgroupXXX in /etc/passwd and /etc/shadow and "compat" keyword in /etc/nsswitch.conf) LDAP maps could be setup to achieve what you want, it has been used by many DS5.2 administrators

See:
http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20OpenLDAP%20for%20RedHat%20Enterprise%20Linux3.htm
Step 5Y: Configure "netgroup" to work with RedHat or Solaris Native LDAP Clients (i.e. controlling user access to host using netgroup LDAP maps)

Also see:
http://swforum.sun.com/jive/thread.jspa?threadID=52764&messageID=223846#223846
Configuring LDAP netgroups

Gary

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Michael Montgomery
Sent: Tuesday, January 03, 2006 1:35 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: Server-Side ACLs for pam_ldap logins.

Thanks for the response. I'll read up on this, and see if I can get this working.

On Tue, 2006-01-03 at 11:29 -0700, Richard Megginson wrote:
> Michael Montgomery wrote:
>
> >I do agree that this is closer to what I'm looking for, but the first
> >problem I see is that I wanted to allow Groups of people to login to
> >Groups of servers like:
> >
> >cn=www,ou=Group,dc=example,dc=com is a group of www servers.
> >cn=Unix,ou=Group,dc=example,dc=com is a group of Unix users.
> >
> >So basically, on the people in the Unix group, can login to the www
> >servers, and so forth.
> >
> >
> Right. The host attribute is per user. You could set up a Roles for
> your users, and use Class of Service to automatically add the host
> attribute to the role members.
--
Fedora-directory-users mailing list
Fedora-directory-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
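
The netgroup approach mentioned in the message above depends on `+@netgroup` lines in /etc/passwd being evaluated under the "compat" keyword. The Python model below is an added example, not part of the original thread or of any project's code; it shows how such lines decide, in file order, which directory users exist on a host. The netgroup names, user names and passwd lines are constructed, and as a simplification only non-empty user fields of each triple are considered.

```python
import re

# Constructed sample data, shaped like nisNetgroup entries in the directory:
# nisNetgroupTriple values "(host,user,domain)" plus memberNisNetgroup nesting.
NETGROUPS = {
    "unixusers": {"triples": ["(,alice,)", "(,bob,)"], "members": ["contractors"]},
    "contractors": {"triples": ["(,carol,)"], "members": []},
    "suspended": {"triples": ["(,bob,)"], "members": []},
}
TRIPLE = re.compile(r"^\(([^,]*),([^,]*),([^,]*)\)$")

# Constructed /etc/passwd for a web server: local accounts, then compat lines.
WWW_PASSWD = [
    "root:x:0:0:root:/root:/bin/bash",
    "-@suspended::::::",
    "+@unixusers::::::",
]

def netgroup_users(name, seen=None):
    """Collect the user field of every triple, following nested netgroups once."""
    seen = set() if seen is None else seen
    if name in seen or name not in NETGROUPS:
        return set()
    seen.add(name)
    users = set()
    for triple in NETGROUPS[name]["triples"]:
        m = TRIPLE.match(triple)
        if m and m.group(2):
            users.add(m.group(2))
    for child in NETGROUPS[name]["members"]:
        users |= netgroup_users(child, seen)
    return users

def directory_user_visible(user, passwd_lines):
    """Walk the +/- lines in file order; the first line that matches decides.

    Local (non +/-) accounts are skipped: this models directory users only.
    """
    for line in passwd_lines:
        field = line.split(":", 1)[0]
        if not field or field[0] not in "+-":
            continue
        sign, rest = field[0], field[1:]
        if rest.startswith("@"):
            matched = user in netgroup_users(rest[1:])
        else:
            # "+user"/"-user" name one account; a bare "+" admits everyone left.
            matched = rest == user or (rest == "" and sign == "+")
        if matched:
            return sign == "+"
    return False
```

Because the first matching line decides, an exclusion such as `-@suspended` only takes effect when it precedes the inclusion line that would otherwise admit the same user.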