Hi,
I am testing LDAP as a replacement for an existing NIS based
authentication. A test ldbm database has been constructed with several
groups of users at the leaves of the structure, authentication via
TSL is working if the specified baseDn contains the uid of the user,
multiple group membership is also present. The system is based on RedHat
7.1 using kernel 2.4.2-2, openldap-2.0.11-8, nss_ldap-149-4 and
pam-0.74-22.
The organisational model I am trying to use is students, tutors/staff and
system admin's.
My question is does anybody have an LDAP system working where there are
seperate groups of users (seperate ou's) only able to login to a
limited subset of available computers but also have an admin group that
can log into any computer, plus possibly have some users able to log into
several subsets of computers.
NIS is able to handle this with netgroups, I have tried using ldap nis and
netgroup objects and also tried using aliases but did not succeed.
I can supply file snips if anybody is interested but did not want to
include unnecessary clutter at this stage.
Thanks
Barry Wright