
Re: Want interesting restrictions to ldap auth on different servers to different users



Can you give an example of using pam_check_host_attr?

And how can I use a group of hosts and assign a user to this group to
permit the user access to this group, avoiding enumerating hosts in the
user's DN each time I add a new user?

What should I set in "host:"? The hostname of the server? How are host
attrs sent to pam_ldap?

2010/11/18 Aaron Richton <richton@nbcs.rutgers.edu>:
> On Thu, 18 Nov 2010, c0re wrote:
>
>> I mean user user1 can login only on server1, server2 and server3.
>> And user2 can login only on server5 and server2.
>
> You could probably overload almost anything (dyngroups, OpenLDAP ACLs,
> search filters, who knows) to accomplish this, but the cleanest way to do
> this in pam_ldap would utilize pam_check_host_attr. I assume pam_ldap
> because you mentioned "pam_groupdn" which is not an OpenLDAP configuration
> directive.
>
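
The pam_check_host_attr approach named in the quoted reply, applied to the user1/user2 case from the thread, as an added example that is not part of the original messages. The base DN, UID/GID numbers and the use of the `account` object class to carry `host` are assumptions.

```ldif
# Constructed sample entries; DNs, numbers and host names are assumptions.
#
# On every server, pam_ldap's configuration file (ldap.conf) needs:
#     pam_check_host_attr yes
# and pam_ldap must be in the PAM account stack of the service, e.g.:
#     account required pam_ldap.so
# The host check runs in the account phase, so it is skipped if
# pam_ldap is only used in the auth stack.

# user1: allowed on server1, server2 and server3
dn: uid=user1,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
uid: user1
cn: user1
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/user1
host: server1
host: server2
host: server3

# user2: allowed on server5 and server2
dn: uid=user2,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
uid: user2
cn: user2
uidNumber: 10002
gidNumber: 10002
homeDirectory: /home/user2
host: server5
host: server2
```

With the option enabled, a user whose entry has no matching `host` value is refused at the account step; each `host` value here is assumed to match the name the server reports for itself.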