
Re: ldap specifying host attribute



>>What exactly does that mean in your context?
In my setup, when I provide access to a user, he gets access to all the servers managed by our LDAP, which is not at all what we would like to give.

So, this way I am trying to further enforce which user would have access to what.
I will write a few scripts to automate the process.

Is there a better approach to this?


>>You can do that but why? Which LDAP client does expect the hosts to be in e.g.
>>a space separated list.
The only issue I see here is when I do a "ldapsearch -x" it would run into many lines.
Was trying to just limit that.

~Rakesh



On Wed, Mar 4, 2015 at 4:00 AM, Michael Ströder <michael@stroeder.com> wrote:
Rakesh Rajasekharan wrote:
> I am trying to set up a host based authentication.

What exactly does that mean in your context?

> For that, am modifying
> the host attribute of existing users through an ldif file as below
>
> dn: uid=sam,ou=People,dc=example,dc=com
> changetype: modify
> add: objectClass
> objectClass: hostObject

Using 'hostObject' for human users does not sound like a good choice.

Object class 'account' has "MAY host" in its object class description.

> -
> add: host
> host: abc
> host: xyz
>
>
> Is there a way I can put the list of hosts in a single line
> something like this
>
> host: xyz abc

You can do that but why? Which LDAP client does expect the hosts to be in e.g.
a space separated list.

Ciao, Michael.
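
Added example, not part of the thread: a small Python model of why the two LDIF forms discussed above behave differently for host-based authorization. It assumes a client that authorizes a login by an equality match of its own hostname against the user's `host` values (the thread does not name a client); the helper names and the in-memory entry are hypothetical, and the sample LDIF is constructed from the record quoted above.

```python
import re

# Constructed sample input: the modify record from the thread, and the
# single-line variant that was asked about.
MULTI_VALUED = """\
dn: uid=sam,ou=People,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: hostObject
-
add: host
host: abc
host: xyz
"""
SINGLE_LINE = MULTI_VALUED.replace("host: abc\nhost: xyz\n", "host: xyz abc\n")


def apply_modify(ldif, entry=None):
    """Apply the 'add:' operations of one LDIF modify record to an entry dict."""
    entry = {k: list(v) for k, v in (entry or {}).items()}
    attr = None
    for line in ldif.splitlines():
        if line == "-" or not line.strip():
            attr = None  # '-' ends the current modification
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name in ("dn", "changetype"):
            continue
        if name == "add":
            attr = value.lower()
        elif attr is not None and name == attr:
            entry.setdefault(attr, []).append(value)  # one line = one value
    return entry


def normalize(value):
    """Approximation of case-insensitive LDAP equality: fold case, collapse spaces."""
    return re.sub(r" +", " ", value.strip()).lower()


def host_allowed(entry, hostname):
    """Equality test a client would express as the filter (host=<hostname>)."""
    return normalize(hostname) in {normalize(v) for v in entry.get("host", [])}


if __name__ == "__main__":
    for label, ldif in (("multi-valued", MULTI_VALUED), ("single line", SINGLE_LINE)):
        print(label, host_allowed(apply_modify(ldif), "xyz"))
```

With one value per line, `xyz` matches; with `host: xyz abc` the directory stores the single value `xyz abc`, so an equality check for either hostname fails and the user would be denied on both hosts.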