On Mon, Jun 29, 2009 at 11:29 AM, Giovanni Torres <torresgi@xxxxxxxxxxxxx> wrote:
In short, you add a couple entries to the schema that gives host-based access control.I have implemented LDAP on CentOS successfully using Redhat's Directory
Server and the great how-to on the CentOS wiki.
Being new to LDAP, I have a question and maybe one of you guys can point
me in the right direction: I have LDAP implemented on the network for
logins to the workstation pcs. I also have an apache website that I now
use LDAP for authentication. What I want, however, is to be able to
allow a group of users to authenticate to the apache website, but not be
able to login to any of the systems directly nor via ssh.
Any suggestions or pointers in the right direction on where to read up
on how to accomplish this specific task would be much appreciated.
Create Host Based access
Add the 61ldapns.ldif file to /etc/dirsrv/instancename/schema
Grab the above ldif from the link. Then, on the apache servers:
edit /etc/ldap.conf and enable pam_check_host_attr
Then in the dirsrv manager:
From the Account Listing
Select Field in ObjectClass
Add Value
Select HostObject
Select Add Attribute
Select Host
Enter first host
Select Host
Enter Add Value
Enter second host
Continue for all hosts
I haven't had a chance to detail the notes, but those two entries for hosts and service control allow me to specify what services a user can use and on which servers. So I could, for example, allow a user to use only ssh or only ftp on a particular host.
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
