Re: OpenLDAP DB question

Dheeraj Khanna wrote:
Thanks Michael

I could not see a specific config setting in ldap.conf which was shown in the
document. Basically I want to add another level of authentication where I can
configure my host's ldap.conf to reflect which user/groups can be allowed to
access a specific host.

I am not able to find the correct syntax which needs to be entered in host's
ldap.conf file.

Better solution is to use slapo-nssov(5) and host/service authorization.

Please advise when you get a chance.



On Wed, Oct 30, 2013 at 10:12 AM, Michael Proto <michael.proto@tstllc.net> wrote:

    Try this:


    It talks about RedHat Directory Server but you can skip that part and go
    straight to the "Populating the Directory" portion and go from there. It
    mentions using NetGroups and PAM to facilitate access to systems based on
    group membership.


    On Wed, Oct 30, 2013 at 12:31 PM, Dheeraj Khanna <dheerajk@zoosk.com> wrote:


        I wanted to find if I can add a host based authentication, here is my

        Regular LDAP DB, I use group and users and associate permissions to
        users based on groups. What I want to achieve is this:

        *If a User A is a member of "Group A" and has access to "hostsA" allow
        else deny, this will allow me to limit access to certain server types
        based on user groups. I think we can define this in /etc/ldap.conf but
        I could not find the right syntax to add hosts in this config file.*

        *Question:* I do not know how to add this ou called "hostaccess", I
        used a GUI portal called Apache Directory Studio to add/delete users
        and groups.

        If someone knows how to add hosts in LDAP and be able to map groups
        and users to it that would greatly help me.



  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/