
Re: Restricting Login based on AD GID


On 10-Nov-13 21:51, Michael Ströder wrote:
> Manish Nene wrote:
>> I've LDAP authentication functioning well against Novell e-directory. Is there
>> a way I can restrict the login access to the appliance based on the GID of a user?
>
> This is not the right forum to ask eDirectory questions.

My question was more from an LDAP point of view rather than e-directory, sorry for the confusion. I'm using ldap+winbind to get domain logins to work, which are working fine on my SLES 11.

> Generally speaking it's not a good idea to design access control data
> structures based on server-side generated attribute values like 'GUID' of
> eDirectory or 'entryUUID'.
>
> You should watch out for group entry schema (groupOfNames etc.).

The problem I have is the container in which this Linux server is placed. Most of the groups which I find from "getent group" have access to the container & hence the need of restricting the access further. I guess there was a directive like requiregid* which I can put in ldap.conf & ensure the restriction is in place.

> Ciao, Michael.

- Manish.
