> Dear list members,
> I still have one more question about ldap on opensol 10 as an ldap client.
> I want to prohibit logins from users on my solaris machine who don't
> have the machine name in their host attribute of the ldap server.

You will probably need a profile in ldap for each host, but in that profile you could override the default search descriptor as below. This changes the search used by the ldap client when it looks for users. In the past I have found that not only do you need to change passwd and shadow, you also need to change user_attr and audit_user for it to work (this may have changed).

Hope this helps....

Doug

serviceSearchDescriptor: user_attr:ou=people,?sub?(&(host=myhost)(objectClass=SolarisUserAttr))
serviceSearchDescriptor: shadow:ou=people,?sub?(&(host=myhost)(objectClass=shadowaccount))
serviceSearchDescriptor: audit_user:ou=people,?sub?(&(host=myhost)(objectClass=SolarisAuditUser))
serviceSearchDescriptor: passwd:ou=people,?sub?(&(host=myhost)(objectClass=posixaccount))

This message posted from opensolaris.org
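
A check for the profile described in the reply above, as an added example that is not part of the original post: it parses each serviceSearchDescriptor value as base?scope?filter and reports any of the four databases whose descriptor is missing, malformed, or lacks the host clause as a direct AND term. The function names are hypothetical, and it assumes one descriptor per line with all three fields present, as in the post.

```python
import re

REQUIRED = ("passwd", "shadow", "user_attr", "audit_user")  # databases named in the post
SSD = re.compile(r"\s*serviceSearchDescriptor:\s*(\w+):(.*)$")

def and_clauses(flt):
    """Direct children of a top-level (&...) filter; any other filter is one clause."""
    if not (flt.startswith("(&") and flt.endswith(")")):
        return [flt]
    inner, clauses, depth, start = flt[2:-1], [], 0, 0
    for i, ch in enumerate(inner):
        if ch == "(":
            start = i if depth == 0 else start
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced parentheses")
            if depth == 0:
                clauses.append(inner[start:i + 1])
    if depth:
        raise ValueError("unbalanced parentheses")
    return clauses

def check_descriptor(value, hostname):
    """Return 'ok' or the reason a base?scope?filter value fails the check."""
    parts = value.strip().split("?", 2)
    if len(parts) != 3 or parts[1] not in ("base", "one", "sub"):
        return "malformed: expected base?scope?filter with scope base, one or sub"
    try:
        clauses = [c.replace(" ", "").lower() for c in and_clauses(parts[2])]
    except ValueError as exc:
        return f"malformed: {exc}"
    # The host clause must be a direct AND term; inside (|...) it restricts nothing.
    return "ok" if f"(host={hostname})".lower() in clauses else "no host restriction"

def check_profile(lines, hostname):
    """Map each required database to 'ok' or the reason it fails."""
    result = {svc: "missing descriptor" for svc in REQUIRED}
    for line in lines:
        m = SSD.match(line)
        if m and m.group(1) in result:
            result[m.group(1)] = check_descriptor(m.group(2), hostname)
    return result

# Constructed sample: the audit_user value is malformed and user_attr is absent.
SAMPLE = [
    "serviceSearchDescriptor: passwd:ou=people,?sub?(&(host=myhost)(objectClass=posixaccount))",
    "serviceSearchDescriptor: audit_user:ou=people,?(&(host=myhost)(sub?objectClass=SolarisAuditUser))",
]
if __name__ == "__main__":
    print(check_profile(SAMPLE, "myhost"))
```

Running it over a profile before deploying it to a host catches a descriptor that was skipped or mistyped, which would otherwise leave that database searched without the host restriction.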
