Re: Want interesting restrictions to ldap auth on different servers to different users
Can you give an example of usage of pam_check_host_attr?
And how can I use a group of hosts and assign a user to this group to
permit the user access to this group, avoiding enumerating hosts in the
user's DN each time I add a new user?
What should I set in "host:"? The hostname of the server? How are host
attrs sent to pam_ldap?
2010/11/18 Aaron Richton <email@example.com>:
> On Thu, 18 Nov 2010, c0re wrote:
>> I mean user user1 can log in only on server1, server2 and server3.
>> And user2 can login only on server5 and server2.
> You could probably overload almost anything (dyngroups, OpenLDAP ACLs,
> search filters, who knows) to accomplish this, but the cleanest way to do
> this in pam_ldap would utilize pam_check_host_attr. I assume pam_ldap
> because you mentioned "pam_groupdn" which is not an OpenLDAP configuration
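
The pam_check_host_attr setup discussed in this thread, as an added example that is not part of the original messages: an LDIF change that gives the two users from the quoted question per-user `host` values. The base DN, the `ou=People` container and the use of the `hostObject` class from pam_ldap's ldapns.schema are assumptions; the `host` values are assumed to match the name each server reports for itself.

```ldif
# Constructed example: dc=example,dc=com and ou=People are placeholders.
# Assumes ldapns.schema (shipped with pam_ldap) is loaded on the directory
# server, which provides the auxiliary class hostObject.
#
# On every server that should enforce the restriction, pam_ldap's ldap.conf
# needs the line:
#     pam_check_host_attr yes
# and the PAM account stack must call pam_ldap.so, because the host check
# runs in the account phase, not the auth phase.
#
# pam_ldap reads the host values from the user's own entry and compares them
# with the local machine's name; nothing is sent by the client.

# user1 may log in on server1, server2 and server3 only.
dn: uid=user1,ou=People,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: hostObject
-
add: host
host: server1
host: server2
host: server3

# user2 may log in on server5 and server2 only.
dn: uid=user2,ou=People,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: hostObject
-
add: host
host: server5
host: server2
```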