Hi all, I'm stuck in the same issue as Serge Fonville. I have created new Auxiliary objectclass 'testobj' with 'host' attribute & added it to the ou=Groups.Then created 2 entries under Groups as below & assigned members to those groups.
dn: cn=qagroup,ou=Groups,dc=test,dc=com cn: qagroup gidNumber: 4 objectClass: posixGroup objectClass: testobj host: x15f12.test.com memberUid: uid=ldap1,ou=Users,dc=test,dc=com memberUid: uid=ldap2,ou=Users,dc=test,dc=com dn: cn=admin,ou=Groups,dc=test,dc=com cn: admin gidNumber: 0 objectClass: posixGroup objectClass: testobj host: x15ubuntu.test.com memberUid: uid=ldap3,ou=Users,dc=test,dc=com memberUid: uid=ldap4,ou=Users,dc=test,dc=com Now *which parameter in ldap.conf or any other files I host machine should I modify and how,* so that members from qagroup or admin groups only get access to host mentioned in their respective attributes ?? Thanks in advance Shamika 2009/12/3 Adam Hough <[email protected]> > Or you can create your own Aux. object class that includes the host > attribute then you just have to modify the ldap.conf for the machine to > restrict user authentication. > > - Adam > > On Thu, 2009-12-03 at 10:48 -0300, Jarbas Peixoto Júnior wrote: > > If you are using ssh and pam can be done like this: > > > > # tail /etc/ssh/sshd_config > > > > # Allow client to pass locale environment variables > > AcceptEnv LANG LC_* > > > > Subsystem sftp /usr/lib/openssh/sftp-server > > > > UsePAM yes > > > > # Restringir acesso ao grupo local 'suporte' e a grupos LDAP > > AllowGroups suporte "SSH UDSL" > > > > where "SSH UDSL" is a Group in LDAP, and "suporte" is a local group. > > > > 2009/12/3 Serge Fonville <[email protected]>: > > > Hi, > > > > > > While setting up an LDAP server. I noticed that it is not possible to > > > add a host attribute to a posixGroup. > > > > > > Is there a way to limit a user what host they can logon to based on > > > their group membership? > > > > > > Thanks in advance > > > > > > Regards, > > > > > > Serge Fonville > > > > > > -- > > > http://www.sergefonville.nl > > > > > > Convince Google!! > > > They need to support Adsense over SSL > > > > https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528 > > > > http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en > > > > >
