Hi,

On Thu, Aug 6, 2009 at 4:29 PM, Dustin Puryear<[email protected]> wrote:
> Realize that pam_groupdn basically means:
>
> basedn: cn=testHost,ou=hosts,dc=company,dc=net
> scope: base
> filter: (uniqueMember=uid=MyUser,*)
>
> I think you're making this more difficult than it really is. :)

In fact the complete directory structure is much more complicated :)
The basedn is composed of the hostname, but I also want to search on
the attribute cn, which contains the IP address.

> If memory serves, pam_ldap also lets you search based on an attribute
> assigned to a user (correct me if I'm wrong--I haven't used pam_ldap in a
> long time since we are a VAR for Centrify which makes this a lot easier).
> Anyway, if this is the case, then it's something like:
>
> pam_search_attribute serverAccess:
>
> (I made that keyword up, but you get the idea).
>
> dn: uid=user,...
> serverAccess: testHost

It could have been made like this, but here the list of people allowed
to access a specific resource is contained in the resource. Searching
a resource should be possible by hostname or IP, and pam_ldap,
freeradius and other apps use this ldap.

It's complicated but I have strict constraints :(

Chris
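
The following is an added example, not part of the original thread and not pam_ldap's own code: it builds the search filter for the layout discussed above (the host entry carries the `uniqueMember` list and is matched on `cn` by hostname or IP), escaping each value per RFC 4515. The `ou=people` branch, the addresses, the sample entries and all function names are assumptions made for illustration.

```python
import ipaddress

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape one value before placing it inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def host_access_filter(user_dn, hostname, ip):
    """Filter matching a host entry by cn (hostname or IP) that lists user_dn."""
    ipaddress.ip_address(ip)  # ValueError if ip is not a literal address
    names = "".join("(cn=%s)" % escape_filter_value(v) for v in (hostname, ip))
    return "(&(|%s)(uniqueMember=%s))" % (names, escape_filter_value(user_dn))


def is_allowed(entries, user_dn, hostname, ip):
    """Apply the same rule to in-memory entries (simplified case-insensitive match)."""
    wanted = {hostname.lower(), ip.lower()}
    for entry in entries:
        cns = {v.lower() for v in entry.get("cn", [])}
        members = {v.lower() for v in entry.get("uniqueMember", [])}
        if cns & wanted and user_dn.lower() in members:
            return True
    return False


# Constructed sample data; ou=people and the addresses are assumptions.
HOSTS = [
    {"cn": ["testHost", "192.0.2.10"],
     "uniqueMember": ["uid=MyUser,ou=people,dc=company,dc=net"]},
    {"cn": ["otherHost", "192.0.2.11"],
     "uniqueMember": ["uid=Admin,ou=people,dc=company,dc=net"]},
]

if __name__ == "__main__":
    dn = "uid=MyUser,ou=people,dc=company,dc=net"
    print(host_access_filter(dn, "testHost", "192.0.2.10"))
    print(is_allowed(HOSTS, dn, "testHost", "192.0.2.10"))
    print(is_allowed(HOSTS, dn, "otherHost", "192.0.2.11"))
```

The resulting filter would be used in a search rooted at the hosts container rather than a base-scope search on a single DN, since the entry is located by its `cn` values.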
