On 2/19/20 9:55 AM, Клеусов Владимир Сергеевич wrote: > I connected ldap linux clients to the OpenLDAP server. > I need to make a certain group of users able to connect to certain > computers. How do I do this ? With most LDAP posix user management deployments you have to configure the Linux clients to query only certain user groups or configure other PAM access control or similar.
My Æ-DIR (based on OpenLDAP) provides views to the Linux clients based on hosts' service group membership and the user groups referenced: https://www.ae-dir.com/docs.html#er-roles So no need to configure the clients (except bind-DN and host password). If you have many clients consider using aehostd for better search performance / less load (see https://ae-dir.com/aehostd.html). Ciao, Michael.
