Hi,
This is how I manage my servers.
Each host is a group in my LDAP entries; I also create groups of hosts as groups in LDAP (i.e. cn=webservers).
On each machine I have deployed sssd-ldap with ldap_access_filter = (|(cn=admgrp,...)(cn=webservers,ou=...)(cn=devops,ou=...))
The admgrp group contains all admin users...
When I deploy a machine I launch an Ansible playbook that sets the right group in the sssd.conf file according to my inventory, then creates the group on my LDAP server.
You only have to declare users in the group or nested groups.
Hope that can help.
On Wed, 12 Jun 2019 at 10:17, William Brown <wbrown@xxxxxxx> wrote:
> On 12 Jun 2019, at 04:25, Eugene Poole <etpoole60@xxxxxxxxxxx> wrote:
>
> I need to control users and groups of users to provide them access to specific machines. Once our machine number went above 15 controlling who has access to what machines has become difficult.
So you mention that you have some windows machines here too, is that correct? Are the machines workstations or servers? You have some linux machines too?
>
> Gene
>
> On 6/10/2019 4:11 AM, William Brown wrote:
>>
>>> On 7 Jun 2019, at 23:53, Eugene Poole <etpoole60@xxxxxxxxxxx> wrote:
>>>
>>> I'm trying to upgrade my environment and I've reinstalled my CentOS machines to CentOS 7 except for one. I've got my DNS for my LAN working just fine. So now it's time for Directory Server.
>>>
>>> What is a GOOD tutorial to follow? My environment includes 26 physical and KVM virtual machines; 4 Windows 7 machines and 1 ArcaOS (OS/2) machine. What is a DS configuration to go for?
>> I think the better thing to ask is what do you want to achieve here? What's your ideal setup for integrating each of these clients, and what information do you want to make available to them? I think that would help me to advise on "what next" for you :)
>>
>>
>>
>>> TIA
>>>
>>> --
>>> Eugene Poole
>>> Woodstock, Georgia
>>> _______________________________________________
>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> —
>> Sincerely,
>>
>> William Brown
>>
>> Senior Software Engineer, 389 Directory Server
>> SUSE Labs
>
> --
> Eugene Poole
> Woodstock, Georgia
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
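
The per-host group scheme described in the first reply of this thread, as an added example that is not code from any poster or from the 389 or SSSD projects: it renders one host's SSSD access lines from an inventory, the step the poster's Ansible playbook performs. Assumptions: the base DN, host names and inventory are constructed, names contain no DN special characters, and user entries carry a memberOf attribute (the post elides the exact filter attribute).

```python
# Added example: render a host's SSSD access-control lines from an inventory.
# All DNs, host names and group names except admgrp are constructed placeholders.

ADMIN_GROUP = "admgrp"                      # group name taken from the thread
GROUP_BASE = "ou=groups,dc=example,dc=com"  # assumed base DN

# Constructed inventory: host -> host groups it belongs to.
INVENTORY = {
    "web01": ["webservers", "devops"],
    "db01": ["dbservers"],
}

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a name cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def access_filter(host, inventory=INVENTORY):
    """OR together the admin group, the host's own group and its host groups."""
    if host not in inventory:
        raise KeyError(f"host {host!r} is not in the inventory")
    names = [ADMIN_GROUP, host] + sorted(inventory[host])
    seen, clauses = set(), []
    for name in names:
        if name in seen:          # avoid duplicate clauses
            continue
        seen.add(name)
        dn = f"cn={name},{GROUP_BASE}"
        clauses.append(f"(memberOf={escape_filter_value(dn)})")
    return "(|" + "".join(clauses) + ")"


def sssd_access_lines(host, inventory=INVENTORY):
    """Lines for the [domain/...] section; the filter is only evaluated
    when access_provider is ldap and ldap_access_order includes filter."""
    return [
        "access_provider = ldap",
        "ldap_access_order = filter",
        f"ldap_access_filter = {access_filter(host, inventory)}",
    ]


if __name__ == "__main__":
    print("\n".join(sssd_access_lines("web01")))
```

A user who matches none of the clauses is denied login on that host even though the account exists in the directory, so the admin group clause is what keeps administrators from being locked out of a freshly deployed machine.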