Further to this, what I attempted is that I added a netgroup entry like this:

dn: cn=QAUsers,ou=Netgroup,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: QAUsers
nisNetgroupTriple: (,bobby,im.logica.com)
nisNetgroupTriple: (,joey,im.logica.com)
description: All QA users in my organization

Next, I created another netgroup, QASystems, like this:

dn: cn=QASystems,ou=Netgroup,dc=example,dc=com
objectClass: nisNetgroup
objectClass: top
cn: QASystems
nisNetgroupTriple: (pem,,im.logica.com)
nisNetgroupTriple: (pemy,,im.logica.com)
description: All QA systems on our network

The above example I took from the same link, http://directory.fedoraproject.org/wiki/Howto:Netgroups, but I couldn't understand further about setting up access.conf. Is this for the client or the server? Confused!!!

I tried this too. OK... Say, I created
a user skour and set up ACLs on QASystems:
---------------------------------------------------------------
(targetattr = "*")
(target = "ldap:///cn=QASystems,ou=netgroups,dc=im,dc=logica,dc=com")
(version 3.0;acl "No Access to skour";deny (all)(userdn = "ldap:///uid=skour,ou=People,dc=im,dc=logica,dc=com") and (ip="10.14.242.93");)

It should work, right? But when I am trying
logging in from the 10.14.242.93 system as skour and password, it is allowing me to log in. Any idea why it's not working??

From: My Senior system Admin who has left the organization has
---------------------------------------------------------------
File : /etc/netgroups
---------------------------------------------------------------
homegrp grp1 homegrp2

grp1 (bl015470, ,goeast), (bl025470, ,goeast)
#homegrp2 bl065470 bl035470

linux lynx_bm lynx_psa lynx_uic lynx_uone lynx_omg lynx_desk
unix (bl015470, ,goeast) (bl025470, ,goeast) (bl035470, ,goeast) (bl065470, ,goeast) (bl312470, ,goeast) (blrccase, ,goeast) (arsenic, ,goeast) (niobids, ,goeast) (ogygia, ,goeast) (bl49acls, ,goeast) (bl46acls, ,goeast) (agnes, , goeast) (bl43acls, ,goeast)
sun (laurel, ,goeast) (u1-sb01, ,goeast) (BLVM04, ,goeast) (BLVM07, ,goeast) (BLVM08, ,goeast) (BLVM09, ,goeast) (STAMFORD, ,goeast)

lynx_bm (BL21DL385, ,goeast)
lynx_psa (Linuxdev106, ,goeast) (BL48DL385, ,goeast)
lynx_uic (bl01ln-dev, ,goeast) (bl02ln-bld, ,goeast)
lynx_uone (BLVM01, ,goeast) (BLVM02, ,goeast) (BLVM03, ,goeast) ( BLVM05, ,goeast) (BLVM06, ,goeast) (ccase-u1, ,goeast)
lynx_omg (BL14DL385, ,goeast)
lynx_desk (agile8, ,goeast)
---------------------------------------------------------------

All I did was simply run the migration script and import it
to the Fedora DS Database. The excerpt of the ldif file is:
---------------------------------------------------------------
File : netgroup.ldif
---------------------------------------------------------------
dn: cn=homegrp,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: homegrp
memberNisNetgroup: grp1
memberNisNetgroup: homegrp2

dn: cn=grp1,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: grp1
nisNetgroupTriple: (bl015470,
nisNetgroupTriple: (bl025470,
memberNisNetgroup: ,goeast)
memberNisNetgroup: ,goeast),

dn: cn=linux,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: linux
memberNisNetgroup: lynx_bm
memberNisNetgroup: lynx_desk
memberNisNetgroup: lynx_omg
memberNisNetgroup: lynx_psa
memberNisNetgroup: lynx_uic
memberNisNetgroup: lynx_uone

dn: cn=unix,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: unix
nisNetgroupTriple: (agnes,
nisNetgroupTriple: (arsenic,
nisNetgroupTriple: (bl015470,
nisNetgroupTriple: (bl025470,
nisNetgroupTriple: (bl035470,
nisNetgroupTriple: (bl065470,
nisNetgroupTriple: (bl312470,
nisNetgroupTriple: (bl43acls,
nisNetgroupTriple: (bl46acls,
nisNetgroupTriple: (bl49acls,
nisNetgroupTriple: (blrccase,
nisNetgroupTriple: (niobids,
memberNisNetgroup: ,
memberNisNetgroup: ,goeast)
memberNisNetgroup: goeast)

dn: cn=sun,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: sun
nisNetgroupTriple: (BLVM04,
nisNetgroupTriple: (BLVM07,
nisNetgroupTriple: (BLVM08,
nisNetgroupTriple: (BLVM09,
nisNetgroupTriple: (
nisNetgroupTriple: (laurel,
nisNetgroupTriple: (u1-sb01,
memberNisNetgroup: ,goeast)

dn: cn=lynx_bm,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: lynx_bm
nisNetgroupTriple: (BL21DL385,
memberNisNetgroup: ,goeast)

dn: cn=lynx_psa,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: lynx_psa
nisNetgroupTriple: (BL48DL385,
nisNetgroupTriple: (Linuxdev106,
memberNisNetgroup: ,goeast)

dn: cn=lynx_uic,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
cn: lynx_uic
nisNetgroupTriple: (bl01ln-dev,
nisNetgroupTriple: (bl02ln-bld,
memberNisNetgroup: ,goeast)

dn: cn=lynx_uone,ou=netgroups,dc=im,dc=logica,dc=com
objectClass: nisNetgroup
objectClass: top
---------------------------------------------------------------

I changed the ou=NetGroup to ou=netgroups, as my Directory Server > Directory Tab > im > netgroups folder was there. (Will NetGroup work? I don't think so.) I imported it to Fedora DS and it showed no error in that process. The getent netgroup <netgroupname> is also working.

Can you help me now: how can I create an ACL? Say I have one project named lynx_uone, and all I want is not to let it access the other projects. Please help me in this regard. Will it work?

-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
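
Added example, not part of the original message or of the migration script it mentions: the /etc/netgroups excerpt writes triples with spaces inside the parentheses, and the LDIF excerpt shows those triples split across nisNetgroupTriple and memberNisNetgroup values. This Python converter (function names and the sample input are assumptions constructed here) treats each parenthesised triple as one token before emitting nisNetgroup entries, and rejects unbalanced or malformed triples instead of importing them.

```python
import re

# Constructed sample in the layout of the /etc/netgroups excerpt above.
SAMPLE = """\
homegrp grp1 homegrp2
grp1 (bl015470, ,goeast), (bl025470, ,goeast)
#homegrp2 bl065470 bl035470
lynx_uone (BLVM01, ,goeast) ( BLVM05, ,goeast)
"""

# A parenthesised triple is one token, even with spaces inside it;
# any other word is the name of a nested netgroup.
TOKEN = re.compile(r"\(([^()]*)\)|([^\s(),]+)")

def parse_netgroup_line(line):
    """Return (name, triples, members), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split(None, 1)
    name, rest = parts[0], (parts[1] if len(parts) > 1 else "")
    # Whatever the tokenizer leaves behind must be separators only;
    # a stray parenthesis means an unbalanced triple.
    if TOKEN.sub("", rest).strip(" \t,"):
        raise ValueError("unbalanced triple in netgroup %r" % name)
    triples, members = [], []
    for m in TOKEN.finditer(rest):
        if m.group(1) is None:
            members.append(m.group(2))
            continue
        fields = [f.strip() for f in m.group(1).split(",")]
        if len(fields) != 3 or any(re.search(r"\s", f) for f in fields):
            raise ValueError("bad triple in %r: %r" % (name, m.group(0)))
        triples.append("(%s)" % ",".join(fields))
    return name, triples, members

def netgroups_to_ldif(text, base_dn):
    """Render each netgroup line as a nisNetgroup entry under base_dn."""
    entries = []
    for line in text.splitlines():
        parsed = parse_netgroup_line(line)
        if parsed is None:
            continue
        name, triples, members = parsed
        out = ["dn: cn=%s,%s" % (name, base_dn),
               "objectClass: nisNetgroup", "objectClass: top", "cn: %s" % name]
        out += ["nisNetgroupTriple: %s" % t for t in triples]
        out += ["memberNisNetgroup: %s" % g for g in members]
        entries.append("\n".join(out))
    return "\n\n".join(entries) + "\n"

if __name__ == "__main__":
    print(netgroups_to_ldif(SAMPLE, "ou=netgroups,dc=im,dc=logica,dc=com"))
```

Checking the generated LDIF for memberNisNetgroup values that contain a comma or parenthesis before import catches the same splitting problem in output from other tools.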