I had a similar question a few weeks ago. I wanted to be able to assign
a list of users access to only a specific number of computers. This is
the response I got from Gary Tay:
FDS is very similar to SUN ONE DS5.2, I think netgroup (+@netgroupXXX in
/etc/passwd and /etc/shadow and "compat" keyword in /etc/nsswitch.conf)
LDAP maps could be setup to achieve what you want, it has been used by
many DS5.2 administrators
See:
http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20Open
LDAP%20for%20RedHat%20Enterprise%20Linux3.htm
Step 5Y: Configure "netgroup" to work with RedHat or Solaris Native LDAP
Clients
(i.e. controlling user access to host using netgroup LDAP maps)
Also see:
http://swforum.sun.com/jive/thread.jspa?threadID=52764&messageID=223846#
223846
Configuring LDAP netgroups
Gary
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Michael
Montgomery
Sent: Tuesday, January 03, 2006 1:35 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Server-Side ACLs for pam_ldap
logins.
Thanks for the response. I'll read up on this, and see if I can get
this working.
On Tue, 2006-01-03 at 11:29 -0700, Richard Megginson wrote:
Michael Montgomery wrote:
>I do agree that this is closer to what I'm looking for, but the first
>problem I see is that I wanted to allow Groups of people to login
to
>Groups of servers like:
>
>cn=www,ou=Group,dc=example,dc=com is a group of www servers.
>cn=Unix,ou=Group,dc=example,dc=com is a group of Unix users.
>
>So basically, on the people in the Unix group, can login to the www
>servers, and so forth.
>
>
Right. The host attribute is per user. You could set up a Roles for
your users, and use Class of Service to automatically add the host
attribute to the role members.
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users