Hi,

This is how I manage my servers.

Each host is a group in my LDAP entries; I also create groups of hosts as groups in LDAP (i.e. cn=webservers).

On each machine I have deployed sssd-ldap with
ldap_access_filter = (|(cn=admgrp,...)(cn=webservers,ou=...)(cn=devops,ou=...))

The admgrp group contains all admin users...

When I deploy a machine I launch an Ansible playbook that sets the right group in the sssd.conf file according to my inventory, then creates the group on my LDAP server.

You only have to declare users in a group or nested groups.

Hope that can help.

On Wed, 12 Jun 2019 at 10:17, William Brown <wbrown(a)suse.de> wrote:
> On 12 Jun 2019, at 04:25, Eugene Poole <etpoole60(a)comcast.net> wrote:
>
> I need to control users and groups of users to provide them access to specific machines. Once our machine number went above 15 controlling who has access to what machines has become difficult.
So you mention that you have some Windows machines here too, is that correct? Are the machines workstations or servers? You have some Linux machines too?
>
> Gene
>
> On 6/10/2019 4:11 AM, William Brown wrote:
>>
>>> On 7 Jun 2019, at 23:53, Eugene Poole <etpoole60(a)comcast.net> wrote:
>>>
>>> I'm trying to upgrade my environment and I've reinstalled my CentOS machines to CentOS 7 except for one. I've got my DNS for my LAN working just fine. So now it's time for Directory Server.
>>>
>>> What is a GOOD tutorial to follow? My environment includes 26 physical and KVM virtual machines; 4 Windows 7 machines and 1 ArcaOS (OS/2) machine. What is a DS configuration to go for?
>> I think the better thing to ask is what do you want to achieve here? What's your ideal setup for integrating each of these clients, and what information do you want to make available to them? I think that would help me to advise on "what next" for you :)
>>
>>
>>
>>> TIA
>>>
>>> --
>>> Eugene Poole
>>> Woodstock, Georgia
>>> _______________________________________________
>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>> To unsubscribe send an email to
389-users-leave(a)lists.fedoraproject.org
>>> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>> —
>> Sincerely,
>>
>> William Brown
>>
>> Senior Software Engineer, 389 Directory Server
>> SUSE Labs
>
> --
> Eugene Poole
> Woodstock, Georgia
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
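
The per-host access filter described in the first message of this thread, as an added example that is not part of the original e-mail or of sssd or 389 Directory Server: a Python helper, of the kind a deployment playbook could call, that builds the ldap_access_filter line from a host's group names and escapes each name so that an inventory value cannot change the shape of the filter. Matching on the memberOf attribute, the base DN and the group names are assumptions made for the example.

```python
"""Build an sssd ldap_access_filter from per-host group names (added example)."""

# RFC 4515 section 3: these characters must be written as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# RFC 4514 section 2.4: characters that must be backslash-escaped inside an RDN value.
_DN_SPECIALS = set('",+;<>\\')


def escape_dn_value(value):
    """Escape one RDN value so a group name cannot add extra RDN components."""
    if not value or "\x00" in value:
        raise ValueError("empty or NUL-containing group name")
    out = []
    for i, ch in enumerate(value):
        if ch in _DN_SPECIALS or (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape an assertion value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_access_filter(groups, group_base):
    """Return an OR filter matching users who are memberOf any listed group."""
    if not groups:
        raise ValueError("refusing to build an empty access filter")
    terms = []
    for name in sorted(set(groups)):
        # Assumption: group entries live at cn=<name>,<group_base>.
        dn = "cn=%s,%s" % (escape_dn_value(name), group_base)
        terms.append("(memberOf=%s)" % escape_filter_value(dn))
    return terms[0] if len(terms) == 1 else "(|%s)" % "".join(terms)


def sssd_access_lines(groups, group_base):
    """Render the access-control lines for the [domain/...] section of sssd.conf."""
    return "\n".join([
        "access_provider = ldap",
        "ldap_access_order = filter",
        "ldap_access_filter = " + build_access_filter(groups, group_base),
    ])


if __name__ == "__main__":
    # Constructed inventory groups and base DN (assumptions, not from the thread).
    print(sssd_access_lines(["admgrp", "webservers", "web01"], "ou=groups,dc=example,dc=com"))
```

The filter is evaluated against the user's entry, so this form only works when the directory maintains memberOf on users (in 389 Directory Server, the MemberOf plugin).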