
Re: host attribute can't be added in OpenLDAP 2.1.x



>Thanks a lot for your help. Now everything worked. But I have one more 
>question, have you tried to add host attribute to a group so that host 
>access control can also be done based on a group?

It won't work.  But if you want to control access to a host based upon a 
group (more maintainable in my book anyway) then put a filter in your PAM 
configuration.

>>Well, assuming you want to use the host attr from the cosine schema, a
>>reasonable attempt might be:
>>objectclass ( my.unique.and.legally.obtained.oid.space.1.2.1.3.1
>>        NAME 'personOfAccount'
>>        DESC 'inetOrgPerson with accounts on systems'
>>        SUP inetOrgperson
>>        STRUCTURAL
>>        MAY ( host ) )
>>
>>As you can see, the syntax is rather straightforward.  The admin guide
>>covers this in far greater detail.