Further to this, what I attempted is that I added a netgroup entry like this:

dn: cn=QAUsers,ou=Netgroup,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: QAUsers
nisNetgroupTriple: (,bobby,im.logica.com)
nisNetgroupTriple: (,joey,im.logica.com)
description: All QA users in my organization

Next, I created another netgroup, QASystems, like this:

dn: cn=QASystems,ou=Netgroup,dc=example,dc=com
objectClass: nisNetgroup
objectClass: top
cn: QASystems
nisNetgroupTriple: (pem,,im.logica.com)
nisNetgroupTriple: (pemy,,im.logica.com)
description: All QA systems on our network

I took the above example from the same link, http://directory.fedoraproject.org/wiki/Howto:Netgroups, but couldn't understand the part about setting up access.conf. Is this for the client or the server? Confused!

I tried this too. Say I created a user skour and set up ACLs on QASystems:

------------------------------------------------------------------------
(targetattr = "*")
(target = "ldap:///cn=QASystems,ou=netgroups,dc=im,dc=logica,dc=com")
(version 3.0;acl "No Access to skour";deny (all)(userdn = "ldap:///uid=skour,ou=People,dc=im,dc=logica,dc=com") and (ip="10.14.242.93");)

It should work, right? But when I try logging in from the 10.14.242.93 system as skour with the password, it allows the login. Any idea why it's not working?

________________________________

From: Singh Raina, Ajeet
Sent: Monday, February 18, 2008 10:52 AM
To: 'fedora-directory-users at redhat.com'
Subject: ACI for Netgroup?????

My senior system admin, who has left the organization, has NIS configured with an /etc/netgroups file.
All I can see is that he has altogether 11 entries as netgroups:

------------------------------------------------------------------------
File : /etc/netgroups
------------------------------------------------------------------------
homegrp   grp1 homegrp2

grp1      (bl015470, ,goeast), (bl025470, ,goeast)
#homegrp2 bl065470 bl035470

linux     lynx_bm lynx_psa lynx_uic lynx_uone lynx_omg lynx_desk
unix      (bl015470, ,goeast) (bl025470, ,goeast) (bl035470, ,goeast) (bl065470, ,goeast) (bl312470, ,goeast) (blrccase, ,goeast) (arsenic, ,goeast) (niobids, ,goeast) (ogygia, ,goeast) (bl49acls, ,goeast) (bl46acls, ,goeast) (agnes, ,goeast) (bl43acls, ,goeast)
sun       (laurel, ,goeast) (u1-sb01, ,goeast) (BLVM04, ,goeast) (BLVM07, ,goeast) (BLVM08, ,goeast) (BLVM09, ,goeast) (STAMFORD, ,goeast)

lynx_bm   (BL21DL385, ,goeast)
lynx_psa  (Linuxdev106, ,goeast) (BL48DL385, ,goeast)
lynx_uic  (bl01ln-dev, ,goeast) (bl02ln-bld, ,goeast)
lynx_uone (BLVM01, ,goeast) (BLVM02, ,goeast) (BLVM03, ,goeast) (BLVM05, ,goeast) (BLVM06, ,goeast) (ccase-u1, ,goeast)
lynx_omg  (BL14DL385, ,goeast)
lynx_desk (agile8, ,goeast)
------------------------------------------------------------------------

All I did was simply run the migration script and import the result into the Fedora DS database.
An excerpt of the LDIF file:

------------------------------------------------------------------------
File : netgroup.ldif
------------------------------------------------------------------------
dn: cn=homegrp,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: homegrp
memberNisNetgroup: grp1
memberNisNetgroup: homegrp2

dn: cn=grp1,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: grp1
nisNetgroupTriple: (bl015470,
nisNetgroupTriple: (bl025470,
memberNisNetgroup: ,goeast)
memberNisNetgroup: ,goeast),

dn: cn=linux,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: linux
memberNisNetgroup: lynx_bm
memberNisNetgroup: lynx_desk
memberNisNetgroup: lynx_omg
memberNisNetgroup: lynx_psa
memberNisNetgroup: lynx_uic
memberNisNetgroup: lynx_uone

dn: cn=unix,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: unix
nisNetgroupTriple: (agnes,
nisNetgroupTriple: (arsenic,
nisNetgroupTriple: (bl015470,
nisNetgroupTriple: (bl025470,
nisNetgroupTriple: (bl035470,
nisNetgroupTriple: (bl065470,
nisNetgroupTriple: (bl312470,
nisNetgroupTriple: (bl43acls,
nisNetgroupTriple: (bl46acls,
nisNetgroupTriple: (bl49acls,
nisNetgroupTriple: (blrccase,
nisNetgroupTriple: (niobids,
memberNisNetgroup: ,
memberNisNetgroup: ,goeast)
memberNisNetgroup: goeast)

dn: cn=sun,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: sun
nisNetgroupTriple: (BLVM04,
nisNetgroupTriple: (BLVM07,
nisNetgroupTriple: (BLVM08,
nisNetgroupTriple: (BLVM09,
nisNetgroupTriple: (STAMFORD,
nisNetgroupTriple: (laurel,
nisNetgroupTriple: (u1-sb01,
memberNisNetgroup: ,goeast)

dn: cn=lynx_bm,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: lynx_bm
nisNetgroupTriple: (BL21DL385,
memberNisNetgroup: ,goeast)

dn: cn=lynx_psa,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: lynx_psa
nisNetgroupTriple: (BL48DL385,
nisNetgroupTriple: (Linuxdev106,
memberNisNetgroup: ,goeast)

dn: cn=lynx_uic,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: lynx_uic
nisNetgroupTriple: (bl01ln-dev,
nisNetgroupTriple: (bl02ln-bld,
memberNisNetgroup: ,goeast)

dn: cn=lynx_uone,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
------------------------------------------------------------------------

I changed ou=NetGroup to ou=netgroups, as the netgroups folder was there under my Directory Server > Directory Tab > im. (Will NetGroup work? I don't think so.) I imported it into Fedora DS and it showed no error in that process. The getent netgroup <netgroupname> command is also working.

Can you help me now with how I can create an ACL? Say I have one project named lynx_uone, and all I want is to not let it access the other projects. Please help me in this regard. Will it work?
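
In the LDIF excerpt above, each triple from /etc/netgroups has been split at its embedded spaces, and the fragments appear as separate nisNetgroupTriple and memberNisNetgroup values. As an added example (not part of the original post, and not the migration script), here is a converter that keeps each parenthesised triple whole; the function names are assumptions of this sketch, and the sample lines are copied from the listing in the post:

```python
import re

# A token is either a whole "(host,user,domain)" triple or a bare netgroup name.
TOKEN = re.compile(r"\(([^()]*)\)|([^\s,()]+)")


def parse_netgroup_line(line):
    """Return (name, triples, members) for one line, or None for blank/comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    parts = line.split(None, 1)
    name, rest = parts[0], (parts[1] if len(parts) > 1 else "")
    # Anything left once tokens are removed (other than separators) is a syntax error,
    # e.g. an unbalanced parenthesis that would otherwise be imported silently.
    if TOKEN.sub("", rest).strip(" ,\t"):
        raise ValueError(f"{name}: unbalanced or stray characters in {rest!r}")
    triples, members = [], []
    for m in TOKEN.finditer(rest):
        if m.group(1) is not None:
            fields = [f.strip() for f in m.group(1).split(",")]
            if len(fields) != 3:
                raise ValueError(f"{name}: triple needs 3 fields: ({m.group(1)})")
            triples.append("(" + ",".join(fields) + ")")  # "(host,user,domain)"
        else:
            members.append(m.group(2))
    return name, triples, members


def netgroups_to_ldif(text, base_dn):
    """Convert netgroup file text to nisNetgroup LDIF entries under base_dn."""
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():  # join continuation lines
        parsed = parse_netgroup_line(raw)
        if parsed is None:
            continue
        name, triples, members = parsed
        lines = [f"dn: cn={name},{base_dn}", "objectClass: nisNetgroup",
                 "objectClass: top", f"cn: {name}"]
        lines += [f"nisNetgroupTriple: {t}" for t in triples]
        lines += [f"memberNisNetgroup: {m}" for m in members]
        entries.append("\n".join(lines))
    return "\n\n".join(entries) + "\n"


# Sample input: lines taken from the /etc/netgroups listing in the post.
SAMPLE = """homegrp grp1 homegrp2
grp1 (bl015470, ,goeast), (bl025470, ,goeast)
#homegrp2 bl065470 bl035470
lynx_bm (BL21DL385, ,goeast)
"""

if __name__ == "__main__":
    print(netgroups_to_ldif(SAMPLE, "ou=netgroups,dc=im,dc=logica,dc=com"))
```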