
Re: LDAP Replacement for NIS



I just use one big branch for all users, but I think that you can tweak
the pam settings in /etc/ldap.conf to limit searches to a particular DN.
This might come close to what you're looking for.  That way you could
restrict searches to, say, ou=admins, or something.

Michael


On Wed, 19 Sep 2001, Barry Wright wrote:

> Hi,
>    I am testing LDAP as a replacement for an existing NIS based
> authentication. A test ldbm database has been constructed with several
> groups of users at the leaves of the structure, authentication via
> TLS is working if the specified baseDn contains the uid of the user,
> multiple group membership is also present. The system is based on RedHat
> 7.1 using kernel 2.4.2-2, openldap-2.0.11-8, nss_ldap-149-4 and
> pam-0.74-22.
>
> The organisational model I am trying to use is students, tutors/staff and
> system admins.
> My question is does anybody have an LDAP system working where there are
> separate groups of users (separate ou's) only able to login to a
> limited subset of available computers but also have an admin group that
> can log into any computer, plus possibly have some users able to log into
> several subsets of computers.
> NIS is able to handle this with netgroups, I have tried using ldap nis and
> netgroup objects and also tried using aliases but did not succeed.
>
> I can supply file snips if anybody is interested but did not want to
> include unnecessary clutter at this stage.
>
> Thanks
> Barry Wright
>
>
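
A sketch of the approach suggested in the reply, as an added example that is not part of the original thread: two per-host variants of /etc/ldap.conf, one narrowing the search base to a single ou and one keeping the whole tree but requiring membership of a per-host group. The host name, DNs and group name are constructed placeholders, and `pam_groupdn` / `pam_member_attribute` are pam_ldap options the thread itself does not mention, so confirm the installed pam_ldap supports them.

```conf
# /etc/ldap.conf on a student lab machine (all values are constructed examples)

# --- Variant A: limit every lookup on this host to one subtree ---
# Only entries under ou=students can be found, so only they can authenticate.
host ldap.example.edu
base ou=students,dc=example,dc=edu
ssl start_tls

# --- Variant B: search the whole tree, gate logins on group membership ---
# Uncomment these lines and remove the narrower "base" line above.
# Users authenticate from anywhere in the tree, but the PAM account check
# rejects anyone whose DN is not listed in the named group entry.
#
# base dc=example,dc=edu
# pam_groupdn cn=lab1-login,ou=groups,dc=example,dc=edu
# pam_member_attribute uniquemember
```

Variant A also hides every account outside the ou from the host, including admins, when nss_ldap reads the same file. Variant B accepts a single group DN per host, so an admin group that should reach every machine has to be listed in each host's login group, and the check only applies to services whose PAM stack runs the account phase through pam_ldap.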