
Re: LDAP Replacement for NIS



Hi,

I use separate ou branches for the big groups (students, tutors, staff, admin, other). Within the entries we use custom attributes which define sort of subgroups. So searching under the appropriate search base and using an appropriate filter in ldap.conf, we can define who can log in to a computer or group of computers.


Hope it helps

Salvador Salanova Fortmann


Barry Wright wrote:

Hi,
  I am testing LDAP as a replacement for an existing NIS based
authentication. A test ldbm database has been constructed with several
groups of users at the leaves of the structure, authentication via
TLS is working if the specified baseDn contains the uid of the user,
multiple group membership is also present. The system is based on RedHat
7.1 using kernel 2.4.2-2, openldap-2.0.11-8, nss_ldap-149-4 and
pam-0.74-22.

The organisational model I am trying to use is students, tutors/staff and
system admins.
My question is does anybody have an LDAP system working where there are
separate groups of users (separate ou's) only able to login to a
limited subset of available computers but also have an admin group that
can log into any computer, plus possibly have some users able to log into
several subsets of computers. NIS is able to handle this with netgroups; I
have tried using ldap nis and netgroup objects and also tried using aliases
but did not succeed.


I can supply file snips if anybody is interested but did not want to
include unnecessary clutter at this stage.

Thanks
Barry Wright
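
An added illustration of the approach described in the reply at the top of this message (it is not configuration from either poster): two per-host /etc/ldap.conf fragments for pam_ldap that combine a search base with pam_filter. The attribute name loginClass, its values, the server name and the DNs are assumptions made up for the example.

```conf
# ---- Host A: chemistry lab workstation (constructed example) ----
# Narrow base: only entries below ou=students can be found, and of
# those only the ones carrying the assumed custom attribute value.
host ldap.example.edu
ssl start_tls
base ou=students,dc=example,dc=edu
scope sub
pam_login_attribute uid
# pam_ldap ANDs this with the login attribute, so the search is
#   (&(loginClass=chemlab)(uid=<user>))
pam_filter loginClass=chemlab
# Consequence: entries under ou=admin are outside the base, so
# administrators cannot log in here with this configuration.

# ---- Host B: same lab, but administrators are admitted too ----
# Base moved up to the tree root so ou=admin is inside the search,
# and the filter does the restricting instead of the base.
host ldap.example.edu
ssl start_tls
base dc=example,dc=edu
scope sub
pam_login_attribute uid
# Resulting search:
#   (&(|(loginClass=chemlab)(loginClass=admin))(uid=<user>))
# A user allowed on several subsets of machines simply carries
# several loginClass values in their entry.
pam_filter |(loginClass=chemlab)(loginClass=admin)
```

pam_filter only constrains logins that go through pam_ldap's user search, so any service that authenticates another way is not covered by it. The scheme also depends on directory access controls that stop users from changing the loginClass values on their own entries.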