[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Want interesting restrictions to ldap auth on different servers to different users

To: c0re <nr1c0re@gmail.com>
Subject: Re: Want interesting restrictions to ldap auth on different servers to different users
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Thu, 18 Nov 2010 10:57:39 -0500 (EST)
Cc: openldap-technical@openldap.org
In-reply-to: <AANLkTin9QFwD4zPhB1sfUSpjZjTvK0=SRZUSEgGCXdY5@mail.gmail.com>
References: <AANLkTin9QFwD4zPhB1sfUSpjZjTvK0=SRZUSEgGCXdY5@mail.gmail.com>
User-agent: Alpine 2.00 (SOC 1167 2008-08-23)

On Thu, 18 Nov 2010, c0re wrote:

I mean user user1 can must login only on server1,server2 and server3.
And user2 can login only on server5 and server2.

You could probably overload almost anything (dyngroups, OpenLDAP ACLs,search filters, who knows) to accomplish this, but the cleanest way to dothis in pam_ldap would utilize pam_check_host_attr. I assume pam_ldapbecause you mentioned "pam_groupdn" which is not an OpenLDAP configurationdirective.

Follow-Ups:
- Re: Want interesting restrictions to ldap auth on different servers to different users
  - From: c0re <nr1c0re@gmail.com>

References:
- Want interesting restrictions to ldap auth on different servers to different users
  - From: c0re <nr1c0re@gmail.com>

Prev by Date: Want interesting restrictions to ldap auth on different servers to different users
Next by Date: Replication Through A DMZ
Index(es):
- Chronological
- Thread