Michael Montgomery wrote:
I do agree that this is closer to what I'm looking for, but the
problem I see is that I wanted to allow Groups of people to login to
Groups of servers like:
cn=www,ou=Group,dc=example,dc=com is a group of www servers.
cn=Unix,ou=Group,dc=example,dc=com is a group of Unix users.
So basically, on the people in the Unix group, can login to the www
servers, and so forth.
Right. The host attribute is per user. You could set up a Roles for
your users, and use Class of Service to automatically add the host
attribute to the role members.
Is there any way, other than client side pam modules, such as:
That will allow this to work?
Thanks again everyone.
On Tue, 2006-01-03 at 08:02 -0700, Richard Megginson wrote:
>Does this help? http://directory.fedora.redhat.com/wiki/Howto:Posix
>Michael Montgomery wrote:
>>I've been searching through both the openldap, and this mailing list for
>>any reference to defining server-side ACLs to allow/restrict access to
>>certain computers, or groups of computers based on the group that the
>>user is associated with. One reference I found was this:
>>But there are no responses to this query.
>>Neither the OReilly, or the "Understanding and Deploying Ldap Directory
>>Services" books I have make any solid mention of this either, and online
>>searching has uncovered little, at best.
>>Does anyone have any ideas if this is even possible, and if it is, are
>>there any references I can use as a template to begin implementation and
>>testing of this?
>>Thanks for any help you can offer.
>>Fedora-directory-users mailing list
>Fedora-directory-users mailing list
Fedora-directory-users mailing list