can you give an example of usage pam_check_host_attr? And how can I use group of hosts and assign user to this group to permit access user to this group avoiding enumerating hosts in users dn each time I add new user?
What should I set in "host:"? Hostname of server? How host attr are sent to pam_ldap? 2010/11/18 Aaron Richton <[email protected]>: > On Thu, 18 Nov 2010, c0re wrote: > >> I mean user user1 can must login only on server1,server2 and server3. >> And user2 can login only on server5 and server2. > > You could probably overload almost anything (dyngroups, OpenLDAP ACLs, > search filters, who knows) to accomplish this, but the cleanest way to do > this in pam_ldap would utilize pam_check_host_attr. I assume pam_ldap > because you mentioned "pam_groupdn" which is not an OpenLDAP configuration > directive. >
