Want interesting restrictions to ldap auth on different servers to different users
- To: email@example.com
- Subject: Want interesting restrictions to ldap auth on different servers to different users
- From: c0re <firstname.lastname@example.org>
- Date: Thu, 18 Nov 2010 18:45:57 +0300
I made simple ldap auth on my servers via pam_ldap. It's ok. Now I
want to add users that can auth on several servers. BUT. I want to
control on what servers a user can login only on the ldap server.
I mean user1 must be able to login only on server1, server2 and server3.
And user2 can login only on server5 and server2.
Theoretically it's possible to do with "pam_groupdn": set it in
ldap.conf to the server name and create as many groups as I have servers
in openldap. Then I add users to the groups they have to have
access to. I can group servers in some group like "city1_group" that
contains all servers in city1 and add a user to that group, and it will
have access to all servers in city1.
Maybe anyone knows another practice?
Looking for best practice or something like it. Share your experience please.
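The per-server-group scheme described in the post, worked out as an added example that is not the poster's own configuration: constructed LDIF under an assumed base of dc=example,dc=com with one group per server plus a city1_group, and the matching pam_ldap settings shown as comments. Note that pam_groupdn takes a single group DN and pam_ldap checks direct membership only, so each server points either at its own group or at the city group, not both.

```ldif
# Constructed example; base DN, OU names and user DNs are assumptions.
# On server1, /etc/ldap.conf (pam_ldap) would carry:
#   pam_groupdn cn=server1,ou=servergroups,dc=example,dc=com
#   pam_member_attribute member
# server2, server3 and server5 each name their own group the same way.

dn: ou=servergroups,dc=example,dc=com
objectClass: organizationalUnit
ou: servergroups

# user1 may log in on server1, server2 and server3; user2 on server2 and server5
dn: cn=server1,ou=servergroups,dc=example,dc=com
objectClass: groupOfNames
cn: server1
member: uid=user1,ou=people,dc=example,dc=com

dn: cn=server2,ou=servergroups,dc=example,dc=com
objectClass: groupOfNames
cn: server2
member: uid=user1,ou=people,dc=example,dc=com
member: uid=user2,ou=people,dc=example,dc=com

dn: cn=server3,ou=servergroups,dc=example,dc=com
objectClass: groupOfNames
cn: server3
member: uid=user1,ou=people,dc=example,dc=com

dn: cn=server5,ou=servergroups,dc=example,dc=com
objectClass: groupOfNames
cn: server5
member: uid=user2,ou=people,dc=example,dc=com

# One group for every server in city1 (assumed to be other hosts, e.g. server7
# and server8). Those servers set, instead of a per-server group:
#   pam_groupdn cn=city1_group,ou=servergroups,dc=example,dc=com
dn: cn=city1_group,ou=servergroups,dc=example,dc=com
objectClass: groupOfNames
cn: city1_group
member: uid=user1,ou=people,dc=example,dc=com
```

Load the entries with ldapadd; pam_ldap on each host then denies a user whose DN does not appear in the member attribute of that host's configured group.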