Thanks Robert. That seems to work well. But here is my scenario I have a bunch of Groups and not sure if I can specify multiple groupdn's in ldap.conf. Group1= Developers on Project1 need access to only proj1 servers Group2= QA on Project1 need access to proj1 servers only Group3= sysadmins accesss to all servers Available methods for access control: 1. Host attribute based ACL- Adding an extra attribute for each user and maintaining a list of 40-50 servers per user. Major Disadvantage: Manual entry for each user account or atleast scripting based on group membership which makes it too complex. 2. Use NisNetGroups: Maintain separate set of netgroups for proj1-servers, proj1-Developers, proj1-QA, Groupfor-ALLservers, GroupforSysadmin. Major Disadvantage: we add/remove hosts a lot and to maintain a huge list of nisNetgroups for hosts as well as users seems cumbersome or atleast doubling the DB. Also lack of tools. Can you suggest suitable scenario and any tools I can use to minimize the effort? Thanks once again. Prashanth
<<winmail.dat>>
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
