[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: allow or deny certain user access to certain hosts

On Sat, 18 Jun 2011 22:13 -0700, "Hai Tao" <taoh666@hotmail.com> wrote:
> Yes, I tried to add a host attribute, but I got object class violation
> error. Any idea?
> Thanks.
> Hai Tao

Did you ever resolve this?  You don't mention which OS you are using,
but in standard RH5 you can do try this.

1. Install nss_ldap
2. copy /usr/share/doc/nss_ldap-253/ldapns.schema
     This will provide the hostObject objectClass
3. In slapd.conf
  include         /etc/openldap/schema/ldapns.schema
4. In a users ldap record add
objectClass: hostObject
5. In the users ldap record add
host: hostname
6. Modify the hosts ldap.conf file:
 pam_check_host_attr yes

Doing this from memory, but I think that should be enough to get what
you want to work on a RH5 system.  RH6 uses some different files on the
host.  BTW, you can also use the account objectClass to provide the host
attribute, but my guess is that it will most likely conflict with
another structural object class.