You shouldn't use user1 as binddn in
the application but a dedicated service account.
And you should make sure that everyone is allowed to authenticate.
like so:
LDAP entry:
cn=zabix,ou=applications,dc=prime,dc=ds,dc=geo,dc=com
objectCla
Dear Peter
As per your suggestion In inetOrgPerson I created a custom attribute called
allowedService and now the users list is as
dn: ou=People,dc=prime,dc=ds,dc=geo,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People
dn: uid=user1,ou=People,dc=prime,dc=ds,dc=geo,dc=com
objectCla
Dear Peter
Thanks for your update. As you specified I am trying to set up this option.
Thanks again
Geo.
*Thanks & Regards
Geo P.C.
www.geopc.co.cc*
On Tue, May 7, 2013 at 8:34 PM, Peter Gietz wrote:
> Hi Geo,
>
> I don't think that alias object will be of use for you. Frankly I don't
>
--On Tuesday, May 07, 2013 11:11 AM +0530 "Geo P.C."
wrote:
Please let me know is it possible to implement this idea?. Also please
let me know your thoughts.
It is trivial as long as your application has an application specific bind
dn. If it does, then you can restrict this via ACLs on
After a second look, I must say that
solution 2a is not doable. Complex ACL definitions with groups or
sets can only be done on the part of an ACL and not on
the part which would have been needed for 2a.) sorry.
Thus you can only go with dynamic groups an
1.) If you had a config parameter like search filter in your
application you could use that to make unwanted users invisible
for the application. But this means you can't use group entries ,
but dynamic groups, i.e. a group is an ldapfilter, e.g.
"(allowedS
Please let me know is it possible to implement this idea?. Also please let
me know your thoughts.
Thanks
Geo
*Thanks & Regards
Geo P.C.
www.geopc.co.cc*
On Mon, May 6, 2013 at 3:51 PM, Geo P.C. wrote:
> Hi
>
> We are using many applications like zabbix, phabricator, AC etc. We need
> to in
Hi
We are using many applications like zabbix, phabricator, AC etc. We need to
integrate LDAP in all these applications. These application support LDAP
but not group based authentication.
Please let us know is there any option to restrict selected users to login.
We created all users under ou ‘us