
Re: Adding ipHost for Host based authentication



On Wed, Mar 3, 2010 at 1:55 PM, Tech Only <stech.only@gmail.com> wrote:
> Hello,
> I am trying to add hosts to the LDAP server for more control on logins.
> I have nis.schema in the slapd.conf file. Below is the host.ldif file
> dn: cn=mldap,ou=hosts,dc=aaa
> objectClass: ipHost
> ipHostNumber: 10.10.5.115
> cn: mldap
>
> When I try to add it I get the following error.
> ldap_add: Object class violation (65)
> additional info: no structural object class provided
>
> My aim is to add all the network servers under ou=hosts, and then assign
> access to users depending on the need.
>
> Please help!!!!!!

I am doing what you are doing. I specify the object like so

ipHostNumber: 0.0.0.0
objectClass: ipHost
objectClass: device
objectClass: extensibleObject
objectClass: top
cn: myhosts
member: uid=ecapriolo, ou .....
member: uid=someoneelse, ou .....

/etc/ldap.conf
# Change this to enforce different user login
pam_groupdn cn=myhosts,ou=hosts,...
pam_member_attribute    member

I am not sure my usage of ipHost, device, extensibleObject is RFC correct.
I think some people are using groupOfUniqueNames. In any case PAM is
not checking that ipHostNumber matches or anything like that.

This gets the job done for me.
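
Added example, not part of the original messages: a small Python model of the two checks discussed in this thread. ipHost is an AUXILIARY class in nis.schema, so an entry carrying only ipHost has no structural class and is rejected with error 65; adding device supplies one. The second function models the pam_groupdn test, which looks only at the member attribute. The function names, the dc=example,dc=com suffix and the user alice are constructed for illustration.

```python
# Added illustration. Class kinds come from the standard schemas
# (RFC 2307 nis.schema, RFC 4519, RFC 4512); the function names are made up here.
CLASS_KIND = {
    "top": "ABSTRACT",
    "iphost": "AUXILIARY",
    "extensibleobject": "AUXILIARY",
    "device": "STRUCTURAL",
    "groupofuniquenames": "STRUCTURAL",
}

# Entry from the original question (rejected with error 65).
FAILING = """\
dn: cn=mldap,ou=hosts,dc=aaa
objectClass: ipHost
ipHostNumber: 10.10.5.115
cn: mldap
"""

# Constructed sample in the shape of the reply; suffix and member DN are invented.
WORKING = """\
dn: cn=myhosts,ou=hosts,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: ipHost
objectClass: extensibleObject
ipHostNumber: 0.0.0.0
cn: myhosts
member: uid=alice,ou=people,dc=example,dc=com
"""

def parse_ldif_entry(text):
    """Parse one plain LDIF entry (no base64 values, no folded lines)."""
    entry = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def would_add(entry):
    """Reproduce only the structural-class check behind result code 65."""
    kinds = [CLASS_KIND.get(c.lower()) for c in entry.get("objectclass", [])]
    return (0, "ok") if "STRUCTURAL" in kinds else (65, "no structural object class provided")

def pam_groupdn_allows(user_dn, group_entry, member_attr="member"):
    """pam_groupdn logic: the user DN must be a value of member_attr; nothing else is read."""
    norm = lambda dn: ",".join(p.strip().lower() for p in dn.split(","))  # naive DN compare
    return norm(user_dn) in {norm(m) for m in group_entry.get(member_attr.lower(), [])}
```

Because ipHostNumber never enters the decision, the login restriction holds only if each host's /etc/ldap.conf points pam_groupdn at the right entry and that file cannot be changed by the users being restricted.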