RE: Host Access Based on Group Membership

Thank you very much!!  I briefly looked over the websites and it looks like what I need.  I knew there was a solution, but I didn't know what it was called.  I'll try it out and let you know how it goes.


From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Tay, Gary
Sent: Thursday, December 08, 2005 5:37 AM
To: General discussion list for the Fedora Directory server project.
Subject: RE: Host Access Based on Group Membership

FDS is very similar to SUN ONE DS5.2. I think netgroup (+@netgroupXXX in /etc/passwd and /etc/shadow and "compat" keyword in /etc/nsswitch.conf) LDAP maps could be set up to achieve what you want; it has been used by many DS5.2 administrators.
 
See:
http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20OpenLDAP%20for%20RedHat%20Enterprise%20Linux3.htm
Step 5Y: Configure “netgroup” to work with RedHat or Solaris Native LDAP Clients
(i.e. controlling user access to host using netgroup LDAP maps)
 
Also see:
http://swforum.sun.com/jive/thread.jspa?threadID=52764&messageID=223846#223846
Configuring LDAP netgroups
 
Gary
-----Original Message-----
From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Jason Hane
Sent: Thursday, December 08, 2005 3:51 AM
To: fedora-directory-users@xxxxxxxxxx
Subject: Host Access Based on Group Membership

I've been searching everywhere for the past week and haven't found a solution.  I would like to be able to assign access to servers based upon membership to a group or role.  For example, if I create a group/role called "Web Servers", everyone in that group can access all the web servers.  Everyone in the group/role "Database Servers" would be allowed to log into the database servers.  Users can be part of multiple groups.
 
There has to be a way to do this already.  All the clients are running OpenLDAP and can already authenticate to the Directory Server.  To implement this solution, would I have to change ldap.conf or system-auth?
 
Thanks,
Jason
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
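
Added example, not part of the original messages: a sketch of the netgroup approach Gary describes, with one nisNetgroup entry per server role in the directory and the "compat" lines on each client. The base DN, netgroup names and uids are constructed placeholders; the client-side file contents are shown as comments because they are not LDIF.

```ldif
# Constructed example: base DN, netgroup names and uids are placeholders.
# Directory side: one nisNetgroup entry (RFC 2307) per server role.
# Triples are (host,user,domain); an empty field matches anything, and
# the +@netgroup lines below only use the user field.
dn: cn=webservers,ou=Netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: webservers
nisNetgroupTriple: (,alice,)
nisNetgroupTriple: (,bob,)

dn: cn=dbservers,ou=Netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: dbservers
nisNetgroupTriple: (,bob,)

# A netgroup can include others, so one group can cover several roles.
dn: cn=allservers,ou=Netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: allservers
memberNisNetgroup: webservers
memberNisNetgroup: dbservers

# Client side, on each web server (a database server would name
# dbservers instead).
#
# /etc/nsswitch.conf
#   passwd:        compat
#   shadow:        compat
#   passwd_compat: ldap
#   shadow_compat: ldap
#   netgroup:      ldap
#
# /etc/passwd (last line)
#   +@webservers::::::
#
# /etc/shadow (last line)
#   +@webservers::::::::
```

Running `getent passwd` on the host should then list only the local accounts plus the members of `webservers`. A plain `passwd: files ldap` line would instead resolve every directory user on that host and defeat the restriction.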
