Re: Adding ipHost for Hout based authentication
- To: Tech Only <stech.only@gmail.com>
- Subject: Re: Adding ipHost for Hout based authentication
- From: Edward Capriolo <edlinuxguru@gmail.com>
- Date: Wed, 3 Mar 2010 15:12:36 -0500
- Cc: openldap-technical@openldap.org
- In-reply-to: <8a8e09a21003031055v12ad9c10h7cdc2a84caddbcb5@mail.gmail.com>
- References: <8a8e09a21003031055v12ad9c10h7cdc2a84caddbcb5@mail.gmail.com>
On Wed, Mar 3, 2010 at 1:55 PM, Tech Only <stech.only@gmail.com> wrote:
> Hello,
> I am trying to add hosts to the LDAP server for more control over logins.
> I have nis.schema in the slapd.conf file. Below is the host.ldif file:
> dn: cn=mldap,ou=hosts,dc=aaa
> objectClass: ipHost
> ipHostNumber: 10.10.5.115
> cn: mldap
>
> When I try to add it I get the following error:
> ldap_add: Object class violation (65)
> additional info: no structural object class provided
>
> My aim is to add all the network servers under ou=hosts, and then assign
> access to users depending on the need.
>
> Please help!!!!!!

I am doing what you are doing. I specify the object like so:

ipHostNumber: 0.0.0.0
objectClass: ipHost
objectClass: device
objectClass: extensibleObject
objectClass: top
cn: myhosts
member: uid=ecapriolo, ou .....
member: uid=someoneelse, ou .....

/etc/ldap.conf:

# Change this to enforce different user login
pam_groupdn cn=myhosts,ou=hosts,...
pam_member_attribute member

I am not sure my usage of ipHost, device, extensibleObject is RFC correct.
I think some people are using groupOfUniqueNames. In any case PAM is
not checking that ipHostNumber matches or anything like that.

This gets the job done for me.
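
The error in the question and the entry in the reply, run through a simplified model of the schema rules, as an added example that is not part of the original thread. The class table is a hand-copied subset of RFC 2307, RFC 4519 and RFC 4512; the `parse_entry` and `violations` helpers, the reply entry's DN and the member suffix are constructed for illustration.

```python
# Simplified model of slapd's object-class check; table hand-copied from RFC 2307/4519/4512.
SCHEMA = {  # class: (kind, MUST attributes, MAY attributes)
    "top": ("ABSTRACT", {"objectclass"}, set()),
    "device": ("STRUCTURAL", {"cn"}, {"serialnumber", "seealso", "owner", "ou", "o", "l", "description"}),
    "iphost": ("AUXILIARY", {"cn", "iphostnumber"}, {"l", "description", "manager"}),
    "extensibleobject": ("AUXILIARY", set(), set()),  # permits any attribute
}

def parse_entry(ldif):
    """Parse one LDIF entry (plain, unfolded 'attr: value' lines only)."""
    attrs = {}
    lines = [l for l in ldif.splitlines() if l.strip() and not l.startswith("#")]
    for line in lines:
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    attrs.pop("dn", None)  # the DN names the entry; it is not an attribute
    return attrs

def violations(ldif):
    """Return the schema problems this model finds in one entry."""
    attrs = parse_entry(ldif)
    classes = [c.lower() for c in attrs.get("objectclass", [])]
    problems = [f"unknown object class {c}" for c in classes if c not in SCHEMA]
    known = [c for c in classes if c in SCHEMA]
    if not any(SCHEMA[c][0] == "STRUCTURAL" for c in known):
        problems.append("no structural object class provided")
    must = set().union(*(SCHEMA[c][1] for c in known))
    allowed = must.union({"objectclass"}, *(SCHEMA[c][2] for c in known))
    problems += [f"missing required attribute {a}" for a in sorted(must - set(attrs))]
    if "extensibleobject" not in known:
        problems += [f"attribute {a} not allowed" for a in sorted(set(attrs) - allowed)]
    return problems

# Entry from the question: ipHost is AUXILIARY, so no structural class is named.
QUESTION = """dn: cn=mldap,ou=hosts,dc=aaa
objectClass: ipHost
ipHostNumber: 10.10.5.115
cn: mldap"""

# Entry from the reply; the DN and member suffixes are constructed placeholders.
REPLY = """dn: cn=myhosts,ou=hosts,dc=example,dc=com
ipHostNumber: 0.0.0.0
objectClass: ipHost
objectClass: device
objectClass: extensibleObject
objectClass: top
cn: myhosts
member: uid=ecapriolo,ou=people,dc=example,dc=com"""

print({"question": violations(QUESTION), "reply": violations(REPLY)})
```

In this model, `device` supplies the structural class that `ipHost` lacks, and `extensibleObject` is what lets the `member` attribute sit on the entry.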