Hi, I would specify aci for that user with something like this: aci:(targetattr = "*")(target = "ldap:/// ou=Restricted,o=tupperware,c=US")(version 3.0; acl "Restricted Read Access"; allow (read,search,compare) (userdn = "ldap:/// uid=someone,ou=users,o=tupperware,c=US") and (ip="192.168.1.*" or ip="10.2.3.4" or ip="10.2.3.5" or ip="10.2.3.6") ;) It doesn't really prevent the uid=someone from logging in but the user won't be able to read any attributes from the target tree unless accessing from those IP addresses. Maybe not really what you are after but just a suggestion. Cheers, Bazza On 08/07/2010, at 5:48 AM, Fairchild, Anthony wrote: > Hello, > > I have gotten 389 directory up and running and am beginning to add > users, but would like to know how to restrict a user to only logging > in to a specific host or a group of hosts. Could anybody point me to > some documentation on this? I don't seem to be having much luck > finding it through Google. > > -- > Anthony > -- > 389 users mailing list > 389-users at lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20100708/33552fc5/attachment.html
