Hi All,

I have installed OpenLDAP to authenticate users on Unix systems. So, I use the pam_ldap / nss_ldap modules with the primitive pam_check_host_attr yes, and I have the attribute host for each person in my LDAP.

I want to have 3 levels of authentication:

- First level: a person has numerous « host » attributes, so he is able to authenticate on these hosts
- Second level: a person could be able to authenticate on a group of hosts
- Third level: a person is able to authenticate on all hosts

For the first level, for each host I declare one primitive « host » for my user in OpenLDAP:

    dn: cn=Francois MEHAULT,ou=Utilisateurs,dc=netplus,dc=fr
    givenName:: RnJhbsOnb2lz
    sn: MEHAULT
    uid: fmehault
    cn: Francois MEHAULT
    homeDirectory: /home/fmehault
    loginShell: /usr/local/bin/sh
    gidNumber: 1203
    uidNumber: 1203
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: top
    objectClass: hostObject
    userPassword: {MD5}9x2+UmKKP4OnerSUgXUlxg==
    host: labobe1
    host: labobe2

For the third level, I just put the primitive « host: * ».

But I don't know how I could do the second level. I would like something like groupRadiusName: I want to define numerous groups with the host primitive, and each user can be in one or more groups. The goal is that my user has his host primitive plus the host primitive of his group.

Is it possible?

Thanks for your help,

Regards,
François
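
The three levels described in the post, modelled in Python as an added example (not code from the poster or from pam_ldap): it parses an LDIF entry like the one above and allows a login when the host is among the user's own host values, among the hosts of one of the user's groups, or when a host value is *. The GROUP_HOSTS mapping, its group names, the hosts labobe3, labobe4 and www1, and the case-insensitive comparison are assumptions; this models the desired rule, not pam_ldap's implementation.

```python
import base64

# Constructed sample mirroring the entry in the post (password omitted).
USER_LDIF = """\
dn: cn=Francois MEHAULT,ou=Utilisateurs,dc=netplus,dc=fr
givenName:: RnJhbsOnb2lz
uid: fmehault
objectClass: posixAccount
objectClass: hostObject
host: labobe1
host: labobe2
"""

# Hypothetical group-to-hosts mapping; how it would be stored in LDAP is
# not specified in the post, so it is a plain dict here.
GROUP_HOSTS = {"lab-admins": {"labobe3", "labobe4"}, "web": {"www1"}}


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]} (multi-valued aware)."""
    entry = {}
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # LDIF continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    for line in lines:
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry


def effective_hosts(entry, groups):
    """Level 1 hosts from the entry plus level 2 hosts from the user's groups."""
    hosts = {h.lower() for h in entry.get("host", [])}
    for name in groups:
        hosts |= {h.lower() for h in GROUP_HOSTS.get(name, set())}
    return hosts


def may_login(entry, groups, hostname):
    """Allow if the effective host set holds the hostname or '*' (level 3)."""
    hosts = effective_hosts(entry, groups)
    return "*" in hosts or hostname.lower() in hosts
```
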