[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP DB question

To: Dheeraj Khanna <dheerajk@zoosk.com>, Michael Proto <michael.proto@tstllc.net>
Subject: Re: OpenLDAP DB question
From: Howard Chu <hyc@symas.com>
Date: Thu, 07 Nov 2013 06:55:48 -0800
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <CAGpZLjCJzvEoz8Y2f35jQM0KUew5C56d8Bn+Nd2UytcAEDWZbw@mail.gmail.com>
References: <CAGpZLjDY4PLrVfMC2jGmBU1vYUKUW70vLBY+vGaOR9ov3UxE5g@mail.gmail.com> <CABbu4ybvAphD_URg_BiiXk3Uc5w3kDqGD6DeJW0w+DgTsHAw=A@mail.gmail.com> <CAGpZLjCJzvEoz8Y2f35jQM0KUew5C56d8Bn+Nd2UytcAEDWZbw@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 SeaMonkey/2.24a1

Dheeraj Khanna wrote:

Thanks Michael

I could not see a specific config settings on ldap.conf which was shown in the
document. Basically I want to add another level of authentication where I can
configure my host's ldap.conf to reflect which user/groups can be allowed to
access a specific host.

I am not able to find the correct syntax which needs to be entered in host's
ldap.conf file


Better solution is to use slapo-nssov(5) and host/service authorization.


Please advise when you get a chance.

Thanks

Dheeraj


On Wed, Oct 30, 2013 at 10:12 AM, Michael Proto <michael.proto@tstllc.net
<mailto:michael.proto@tstllc.net>> wrote:

    Try this:

    http://www.redhat.com/resourcelibrary/whitepapers/netgroupwhitepaper

    It talks about RedHat Directory Server but you can skip that part and go
    straight to the "Populating the Directory" portion and go from there. It
    mentions using NetGroups and PAM to facilitate access to systems based on
    group membership.


    -Proto


    On Wed, Oct 30, 2013 at 12:31 PM, Dheeraj Khanna <dheerajk@zoosk.com
    <mailto:dheerajk@zoosk.com>> wrote:

        Hi

        I wanted to find if I can add a host based authentication, here is my
        setup.

        Regular LDAP DB , I use group and users and associate permissions to
        users based on groups. What I want to achieve is this:

        *If a User A is a member of "Group A" and has access to "hostsA" allow
        else deny, this will allow me to limit access to certain server types
        based on user groups. I think we can define this in /etc/ldap.conf but
        I could not find find the right syntax to add hosts in this config file.*

        *Question: *I do not know how to add this ou called "hostaccess", I
        used a GUI portal called Apache Directory Studio to add/delete users
        and groups.

        If some one knows how to add hosts in LDAP and be able t map groups
        and users to it that would greatly help me.

        Thanks

        Dheera



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Re: OpenLDAP DB question
  - From: Dheeraj Khanna <dheerajk@zoosk.com>

Prev by Date: Re: OpenLDAP on CF disk
Next by Date: Reseting content/database/schema
Index(es):
- Chronological
- Thread