I think I've done my due diligence and read the historical postings here; I just can't seem to find an answer, so let's go to the experts, shall we?

I've installed and configured Netscape Directory Server 4.13 on a Solaris 8 system (5 kept throwing up Java errors that I couldn't correct, so I went backwards...) - everything is working correctly, and I am able to use the Directory Server to authenticate logins (using the Solaris pam_unix module and the nsswitch.conf files). Essentially, for this first implementation we'll be using LDAP as a glorified NIS with SSL security - further usage will be implemented in the future.

The only 'requirement' I've placed on this implementation is that I DON'T want to install the NIS extensions. I'd like to keep this as simple as possible in its implementation, and I'd like to go "pure" LDAP if at all possible.

My question is, I hope, relatively simple, and I think I'm just missing something somewhere. I'd like to find a way to limit the users who can log onto any given system (i.e. I want a consolidated user database, but I don't want the DBAs to be able to log onto the sendmail server, and the application developers shouldn't be allowed to log onto the database servers). Of course we're using consolidated home directories off of a NetApp.

In NIS you configured netgroups to take care of this issue, and there is a 'netgroups' object configured for Solaris, but it just doesn't work the way it used to... I'm not hooked on the 'netgroups' concept; if there is something I'm missing, I'm more than happy to head in a new direction - or perhaps I'm just putting my +@netgroup entry in the wrong place.

Your assistance is GREATLY appreciated.

toph
