Brett @Google wrote:
On Sat, Sep 12, 2009 at 1:08 AM, Rex Roof <rex@wccnet.edu
<mailto:rex@wccnet.edu>> wrote:
I have some linux machines that I have configured for student
access. We are authenticating against our OpenLDAP tree and
limiting which users have access via an LDAP groupOfNames. This
is
all working perfectly.
This is the problem I am having. Any user with access to the
system can run the /usr/bin/finger command and do a name search
against our entire LDAP tree. I would like to limit the info
available via finger to just the users that have access to any
particular machine. How can this be controlled?
This sounds more like a firewall / iptables issue to your finger
server
than anything else ?
No, doesn't sound like that to me.
Essentially he wants an ACL that grants access to nss-ldap searches
based on
the target entries belonging to a group associated with a particular
peeraddr.
But at the moment, I can't think of any mechanism to do this in the
current
ACL engine.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/