For host-based access control, the new method says to do the following:

New Method

There is already an AUXILIARY objectclass provided with the pam/nss ldap distribution on Linux systems: hostObject. On a RHEL4 system, this is in the schema file /usr/share/doc/nss_ldap-226/ldapns.schema in OpenLDAP format. You can convert to Fedora DS schema format using Howto:OpenLDAPMigration like so:

    perl ol-schema-migrate.pl /usr/share/doc/nss_ldap-226/ldapns.schema > /opt/fedora-ds/slapd-localhost/config/schema/61ldapns.ldif

However, I was able to get that working without the schema conversion, by adding 'account' objectClass and then the host attribute. It works fine and is much simpler, really...
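
An added example, not part of the original message: the two variants discussed above, written as LDIF modifications for ldapmodify. The DNs and host names are constructed placeholders; `account` is a STRUCTURAL class, so a server that enforces a single structural class chain may reject variant 2 on entries that already have another structural class (for example inetOrgPerson).

```ldif
# Constructed sample data: DNs and host names are placeholders.

# Variant 1: AUXILIARY hostObject.
# Requires the ldapns schema to be loaded (the converted 61ldapns.ldif).
dn: uid=jdoe,ou=People,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: hostObject
-
add: host
host: web01.example.com
host: db01.example.com

# Variant 2: 'account' objectClass, which already allows the host
# attribute, so no schema conversion is needed.
dn: uid=asmith,ou=People,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: account
-
add: host
host: web01.example.com
```

pam_ldap evaluates the host attribute only when `pam_check_host_attr yes` is set in the client's ldap.conf and pam_ldap.so is in the PAM account stack. Without that, the attribute is stored in the directory but has no effect on logins.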