
Host Based OpenLDAP Authentication On Mac OS X Mountain Lion



Hello All,

I'm sorry if this is the wrong group to post such a question. 

I have OpenLDAP (slapd version 2.4.31-1+nmu2ubuntu8) running on Ubuntu Server 14.04. The 'hostObject' objectClass is added in the OpenLDAP directory. The 'host' attribute is added under all LDAP users, which allows users to access just those particular hosts. The Apple schema has been added as well.

I have an Ubuntu client that authenticates users against the LDAP server. The Ubuntu client is configured to perform host-based authentication via PAM modules. Only users that have access to the Ubuntu client can log in, and others are denied access. I also have a Mac OS X Mountain Lion (10.8.5) client that authenticates users against the same OpenLDAP server. All network users can log in through the login window. I would like to restrict access to the Mountain Lion client based on hosts, as I have it on the Ubuntu client.

I tried to search for documentation on this, but didn't find anything good. Most of the documentation suggests that network user access be controlled on the Mountain Lion client. I'd really like to have that control on the LDAP server and not on the client. Also, restricting network user access using the 'Users & Groups' settings in System Preferences fails. All LDAP users are blocked from login.

I have successfully tested host-based authentication on an Ubuntu Server 10.04 client that is connected to the same LDAP server. So, I know host-based authentication works. I would really appreciate it if anyone could shed some light on this, or point me to a document that talks about host-based authentication on a Mac OS X Mountain Lion client.

Thanks,
Amit
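
Added example, not part of the original post: a Python model of the per-host decision the post describes, where a login is allowed only if the user's entry carries a 'host' value naming the client. The LDIF entries, hostnames, user names and the fail-closed, case-insensitive matching are assumptions made for illustration, not the behaviour of any particular PAM module or of the Mac OS X directory client.

```python
# Added illustration: models the per-host access decision made from the
# multi-valued 'host' attribute on a user's LDAP entry (hostObject class).
# The LDIF below is constructed sample data; all names are hypothetical.

SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: posixAccount
objectClass: hostObject
uid: alice
host: ubuntu-client.example.com
host: mac-client.example.com

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: posixAccount
objectClass: hostObject
uid: bob
host: ubuntu-client.example.com

dn: uid=carol,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: carol
"""

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into {uid: {attr: [values]}}."""
    users = {}
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value.strip())
        for uid in entry.get("uid", []):
            users[uid] = entry
    return users

def host_allowed(users, uid, client_host):
    """Fail closed: unknown user or no matching 'host' value means deny."""
    entry = users.get(uid)
    if entry is None:
        return False
    wanted = client_host.lower().rstrip(".")  # ignore case and trailing dot
    hosts = {h.lower().rstrip(".") for h in entry.get("host", [])}
    return wanted in hosts

USERS = parse_ldif(SAMPLE_LDIF)

if __name__ == "__main__":
    for uid in ("alice", "bob", "carol", "dave"):
        print(uid, host_allowed(USERS, uid, "mac-client.example.com"))
```

In this model a user with no 'host' attribute at all (carol) is denied everywhere, which matches the restriction the post wants enforced from the server-side data rather than from client settings.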