
Deny auth based on client

Hello all,

I am working on setting up openldap as a centralized authentication system
for my company that has over 5000 accounts.  My question is regarding
pam_ldap, so please forgive me if this is the wrong place to post this.

Here is the setup:  We have one rh7.1 box running slapd, and there are two
main divisions in my company, each having their own sun enterprise 450
server.

What I would like to do is add some sort of attribute to each user object
inside the ldap database that would either allow or deny access to the
server.

Say I have a user named jo.  He should have access to sun1, but not sun2.
Is there a way where I can put a field in his entry in ldap that says
sun1, and when he goes to sun1 to login, he is allowed, but can't login to
sun2 because an entry matching sun2 isn't present in his ldap entry?

Can this be done strictly within ldap (in which case this question is
relevant to this newsgroup), and/or is there a way to do this via
pam_ldap?

I really appreciate any help you have to offer.
Thank you,
Andy
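Added example (not part of the original post, and not pam_ldap's own code): a model of the per-host check the post asks for, where each user entry carries a multi-valued host attribute and login on a box is allowed only when that box's name (or the wildcard "*") is listed; the LDIF entries and the attribute name `host` (which is what pam_ldap's `pam_check_host_attr` option reads from the `account` objectClass) are constructed sample data for the example.

```python
import re

# Constructed sample LDIF entries (not from the original post): jo may log in
# on sun1 only, ann may log in anywhere via the "*" wildcard, and bob carries
# no host attribute at all.
SAMPLE_LDIF = """\
dn: uid=jo,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
uid: jo
host: sun1

dn: uid=ann,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
uid: ann
host: *

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: bob
"""

def parse_ldif(text):
    """Parse the minimal LDIF subset above into {uid: {attr: [values]}}.
    Blank lines separate entries; attribute names are case-insensitive."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[attrs["uid"][0]] = attrs
    return entries

def host_allowed(entry, hostname):
    """Fail closed: allow only when the entry lists the local hostname
    (compared case-insensitively) or the wildcard '*'.  An entry with no
    host attribute is denied, which is the behaviour the post asks for."""
    hosts = [h.lower() for h in entry.get("host", [])]
    return "*" in hosts or hostname.lower() in hosts

def check_login(ldif_text, uid, hostname):
    """Return True if uid may log in on hostname according to the directory data."""
    entry = parse_ldif(ldif_text).get(uid)
    if entry is None:
        return False  # unknown user: deny rather than fall through
    return host_allowed(entry, hostname)
```

With this data jo is accepted on sun1 and refused on sun2, while bob is refused everywhere because his entry has no host value.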