[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Adding ipHost for Hout based authentication

To: Tech Only <stech.only@gmail.com>
Subject: Re: Adding ipHost for Hout based authentication
From: Edward Capriolo <edlinuxguru@gmail.com>
Date: Wed, 3 Mar 2010 15:12:36 -0500
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=HfxrwfV7qlIL5HuovJQvRKiSNB/zNhkckm9x6irT8LY=; b=ss8Vdv1jZhaagzwpw3mmYAJz5UBxdOS+mP4ANbiqAFBoKr8CxMDfVauRjMt+SagwkI 4dugLFyRdFnyjPQs7Cq4dD7gq9gja03jXgNMZbesvVRwnmHtt9x4gExkqY3QZijikYYi AzDFGTthnxgtwf0RuvjagYbPnNdsCgBm0HXlw=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=tmwLznN6wqzgsJ/Tq4fR4cKIdUAPmsKPNFaVpsQNABT+AE52NWBmLLgFUeqqkGOace xT9oYaG+EP5Cmk5t+pY9ri1OGCaZZcWdOvy+teqrYDGgaPWBr/jkduKtNJDNDVRvvzPi AWzrc8M8CrCV1YBEW0LUPjBPVcSHNxCsWt/cY=
In-reply-to: <8a8e09a21003031055v12ad9c10h7cdc2a84caddbcb5@mail.gmail.com>
References: <8a8e09a21003031055v12ad9c10h7cdc2a84caddbcb5@mail.gmail.com>

On Wed, Mar 3, 2010 at 1:55 PM, Tech Only <stech.only@gmail.com> wrote:
> Hello,
> I am trying to add hosts to the LDAP server for more control on logins.
> I have nis.schema in the slapd.conf file. Below is host.ldif file
> dn: cn=mldap,ou=hosts,dc=aaa
> objectClass: ipHost
> ipHostNumber: 10.10.5.115
> cn: mldap
>
> When I try to add it I get following error.
> ldap_add: Object class violation (65)
> additional info: no structural object class provided
>
> My aim is to add all the network servers under ou=hosts, and then assign
> access to users depending on the need.
>
> Please help!!!!!!

I am doing what you are doing. I specify the object like so

ipHostNumber: 0.0.0.0
objectClass: ipHost
objectClass: device
objectClass: extensibleObject
objectClass: top
cn: myhosts
member: uid=ecapriolo, ou .....
member: uid=someoneelse, ou .....

/etc/ldap.conf
# Change this to enforce different user login
pam_groupdn cn=myhosts,ou=hosts,...
pam_member_attribute    member

I am not sure my usage of ipHost, device, extensibleObject is RFC correct.
I think some people are using groupOfUniqueNames.  In any case Pam is
not checking that ipHostNumber matches or anything like that.

This gets the job down for me.

References:
- Adding ipHost for Hout based authentication
  - From: Tech Only <stech.only@gmail.com>

Prev by Date: Re: Adding ipHost for Hout based authentication
Next by Date: RE: combine/link entries in different ou' s
Index(es):
- Chronological
- Thread