Hi French,

No tcp_wrapper behaviour, just found that article and I'm trying to make it work as well. Maybe I misunderstood what the host attribute really is for, or the article is wrong, or I'm doing something wrong; at least in the logs I can see the pam_check_host is being evaluated.

slapd[20810]: conn=5374 op=4 MOD attr=host

Thanks for your time and support.
Regards

2013/12/23, Warron S French <[email protected]>:
> Low Sensitivity/Aerospace Internal Use Only
>
> NetWarrior, are you attempting to apply a TCP_Wrappers like behavior but
> implement it through LDAP?
>
> Warron French, MBA, SCSA
>
> ----- Forwarded by Warron S French/Emp/Aerospace/US on 12/23/2013 07:42 AM -----
>
> From: Net Warrior <[email protected]>
> To: openldap-technical <[email protected]>,
> Date: 12/23/2013 07:36 AM
> Subject: host Attribute
> Sent by: [email protected]
>
> Hi guys.
> I'm trying to restrict some user to login to some server, googling
> around I found that some things can be done with the host attribute,
> this is what I got.
>
> A user with host attribute and a FQDN server on it
> server.comap.com , the pam_check_host_attr set to yes in the client
> configuration ( pam_ldap.conf / ldap.conf ). If I understand well the
> user can now login to that server, in my tests I can confirm that,
> what I notice is that the user can log in to all the other servers in
> the farm whatever I set to the host attribute.
>
> I read this article as a reference:
> thornelabs dot net
> /documentation/2013/02/01/linux-restrict-server-login-via-ldap-hostobject-objectclass-and-host-attribute.html
>
> Please, can someone shed some light on this or clarify what I'm trying
> to do is correct or wrong?
>
> Thanks for your time and support
> Regards
