[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: managing workstation access.

Actually, I think host is a part of posixAccount.

If you are talking about linux hosts, edit /etc/ldap.conf and set
pam_check_host_attr to yes. When this is enabled, each user must have a host
entry for each host (ie host: ns1.yourdomain.com to log into the
ns1.yourdomain.com host).

The host entry should be whatever the machine thinks is its hostname..

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of tsg
Sent: Tuesday, June 24, 2003 1:33 PM
To: Jason C. Leach
Cc: openldap-software@OpenLDAP.org
Subject: Re: managing workstation access.

24 Июнь 2003 22:03, Jason C. Leach написал:
> hi,
> Does anyone have some good ideas on how to manage workstation access 
> with LDAP.  For example, if I add a user to the LDAP DB they get 
> access (an account) on all workstations A, B and C. But suppose I 
> dont' want them to have access to workstation C? Can I limit that some 
> how?
> Thanks,
> j.
There is attribute 'host(hosts??)', in , as I remember samba.schema, if it's

empty, user can log in from all workstations, if it's not empty, only from 
workstatinons, mentioned in this attribute.
Best regards.