Re: Server-Side ACLs for pam_ldap logins.

Michael Montgomery wrote:

I do agree that this is closer to what I'm looking for, but the first
problem I see is that I wanted to allow Groups of people to login to
Groups of servers like:

cn=www,ou=Group,dc=example,dc=com  is a group of www servers.
cn=Unix,ou=Group,dc=example,dc=com  is a group of Unix users.

So basically, only the people in the Unix group can login to the www
servers, and so forth.

Right. The host attribute is per user. You could set up Roles for your users, and use Class of Service to automatically add the host attribute to the role members.

Is there any way, other than client side pam modules, such as:
http://www.splitbrain.org/projects/pam_require
That will allow this to work?

Thanks again everyone.

On Tue, 2006-01-03 at 08:02 -0700, Richard Megginson wrote:
Does this help? http://directory.fedora.redhat.com/wiki/Howto:Posix

Michael Montgomery wrote:

I've been searching through both the openldap, and this mailing list for
any reference to defining server-side ACLs to allow/restrict access to
certain computers, or groups of computers based on the group that the
user is associated with.  One reference I found was this:

http://www.openldap.org/lists/openldap-software/200408/msg00280.html

But there are no responses to this query.

Neither the O'Reilly nor the "Understanding and Deploying LDAP Directory
Services" books I have make any solid mention of this either, and online
searching has uncovered little, at best.

Does anyone have any ideas if this is even possible, and if it is, are
there any references I can use as a template to begin implementation and
testing of this?

Thanks for any help you can offer.

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
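
The Roles plus Class of Service approach suggested in the reply above, written out as LDIF. This is an added example, not part of the original thread or the project's documentation; every entry name (UnixRole, HostAccessCoS, HostAccessTemplates, uid=jdoe, www1.example.com) is constructed, and the quoted template RDN assumes the legacy DN quoting used by Fedora Directory Server of that era.

```ldif
# Constructed example for the dc=example,dc=com suffix; load with "ldapmodify -a".
# Assumption: each www server runs pam_ldap with "pam_check_host_attr yes",
# so a login is refused unless the user's entry returns a matching host value.

# 1. Managed role standing in for the "Unix" user group.
dn: cn=UnixRole,dc=example,dc=com
objectClass: top
objectClass: LDAPsubentry
objectClass: nsRoleDefinition
objectClass: nsSimpleRoleDefinition
objectClass: nsManagedRoleDefinition
cn: UnixRole
description: Users allowed to log in to the www servers

# 2. Role membership is granted per user through nsRoleDN (hypothetical user).
dn: uid=jdoe,ou=People,dc=example,dc=com
changetype: modify
add: nsRoleDN
nsRoleDN: cn=UnixRole,dc=example,dc=com

# 3. Classic CoS definition: choose a template by the entry's nsRole value
#    and generate the "host" attribute from it.
dn: cn=HostAccessCoS,dc=example,dc=com
objectClass: top
objectClass: LDAPsubentry
objectClass: cosSuperDefinition
objectClass: cosClassicDefinition
cn: HostAccessCoS
cosTemplateDn: cn=HostAccessTemplates,dc=example,dc=com
cosSpecifier: nsRole
cosAttribute: host

# 4. Container for the templates.
dn: cn=HostAccessTemplates,dc=example,dc=com
objectClass: top
objectClass: nsContainer
cn: HostAccessTemplates

# 5. Template whose RDN is the role DN; members of UnixRole receive this
#    host value as a virtual attribute without it being stored on their entry.
dn: cn="cn=UnixRole,dc=example,dc=com",cn=HostAccessTemplates,dc=example,dc=com
objectClass: top
objectClass: extensibleObject
objectClass: cosTemplate
cn: cn=UnixRole,dc=example,dc=com
host: www1.example.com
```

With the default cosAttribute qualifier, a host value stored directly on a user's entry takes precedence over the generated one, so audit existing entries for stray host values before relying on the role for access decisions.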

