Barry Sitompul wrote: > Hi, > > > I would specify aci for that user with something like this: > > aci:(targetattr = "*")(target = > "ldap:///ou=Restricted,o=tupperware,c=US";)(version 3.0; acl > "Restricted Read Access"; allow (read,search,compare) (userdn = > "ldap:///uid=someone,ou=users,o=tupperware,c=US";) and > (ip="192.168.1.*" or ip="10.2.3.4" or ip="10.2.3.5" or ip="10.2.3.6") ;) > > It doesn't really prevent the uid=someone from logging in but the user > won't be able to read any attributes from the target tree unless > accessing from those IP addresses. > > Maybe not really what you are after but just a suggestion. Try http://directory.fedoraproject.org/wiki/Howto:Posix and http://directory.fedoraproject.org/wiki/Howto:Netgroups > > > Cheers, > Bazza > > On 08/07/2010, at 5:48 AM, Fairchild, Anthony wrote: > >> Hello, >> >> I have gotten 389 directory up and running and am beginning to add >> users, but would like to know how to restrict a user to only logging >> in to a specific host or a group of hosts. Could anybody point me to >> some documentation on this? I don't seem to be having much luck >> finding it through Google. >> >> -- >> Anthony >> -- >> 389 users mailing list >> 389-users at lists.fedoraproject.org >> <mailto:389-users at lists.fedoraproject.org> >> https://admin.fedoraproject.org/mailman/listinfo/389-users > > > > > ------------------------------------------------------------------------ > > -- > 389 users mailing list > 389-users at lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users
