[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Replacement for NIS

I just use one big branch for all users, but I think that you can tweak
the pam settings in /etc/ldap.conf to limit searchs to a particular DN.
This might come close to what you're looking for.  That way you could
restrict searchs to say, ou=admins, or something.


On Wed, 19 Sep 2001, Barry Wright wrote:

> Hi,
>    I am testing LDAP as a replacement for an existing NIS based
> authentication. A test ldbm database has been constructed with several
> groups of users at the leaves of the structure, authentication via
> TSL is working if the specified baseDn contains the uid of the user,
> multiple group membership is also present. The system is based on RedHat
> 7.1 using kernel 2.4.2-2, openldap-2.0.11-8, nss_ldap-149-4 and
> pam-0.74-22.
> The organisational model I am trying to use is students, tutors/staff and
> system admin's.
> My question is does anybody have an LDAP system working where there are
> seperate groups of users (seperate ou's) only able to login to a
> limited subset of available computers but also have an admin group that
> can log into any computer, plus possibly have some users able to log into
> several subsets of computers.
> NIS is able to handle this with netgroups, I have tried using ldap nis and
> netgroup objects and also tried using aliases but did not succeed.
> I can supply file snips if anybody is interested but did not want to
> include unnecessary clutter at this stage.
> Thanks
> Barry Wright