Thanks Robert. That seems to work well. But here is my scenario I have a bunch of Groups and not sure if I can specify multiple groupdn's in ldap.conf. Group1= Developers on Project1 need access to only proj1 servers Group2= QA on Project1 need access to proj1 servers only Group3= sysadmins accesss to all servers Available methods for access control: 1. Host attribute based ACL- Adding an extra attribute for each user and maintaining a list of 40-50 servers per user. Major Disadvantage: Manual entry for each user account or atleast scripting based on group membership which makes it too complex. 2. Use NisNetGroups: Maintain separate set of netgroups for proj1-servers, proj1-Developers, proj1-QA, Groupfor-ALLservers, GroupforSysadmin. Major Disadvantage: we add/remove hosts a lot and to maintain a huge list of nisNetgroups for hosts as well as users seems cumbersome or atleast doubling the DB. Also lack of tools. Can you suggest suitable scenario and any tools I can use to minimize the effort? Thanks once again. Prashanth -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3210 bytes Desc: not available Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20091122/d6622ed0/attachment.bin
