Re: Limiting host access
On Monday, 21 November 2011 09:00:23 Jayavant Patil wrote:
> Hi,
>
> I am just storing the user related information in the directory.
> e.g.
> My .ldif file contents are as follows:
>
> dn: uid=ldap_5,ou=People,dc=dc,dc=com
> uid: ldap_5
> cn: ldap_5
> sn: ldap_5
> mail: ldap_5@dc.com
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> shadowLastChange: 13998
> shadowMax: 99999
> shadowWarning: 7
> loginShell: /bin/bash
> uidNumber: 513
> gidNumber: 513
> homeDirectory: /lustre/home/ldap_5
One method would be to add the hostObject objectclass, from ldapns.schema
(shipped with pam_ldap source), and add a host attribute with the 'hostname'
of the host for each host the user should be allowed to log in to, and set
'pam_check_host_attr yes' in /etc/ldap.conf (see 'man pam_ldap').
Of course, this depends on which pam module you are using, and there are other
options.
> On Mon, Nov 21, 2011 at 12:05 PM, Jayavant Patil
> <jayavant.patil82@gmail.com> wrote:
> >
> > Hi,
> >
> > I want to restrict login access to some selected client nodes (by
> >
> > default, openldap allows user access to all client nodes). I have googled
> > for this, tried many different configurations like host
> > attribute,hostObject class etc. but failed to get the required.
> >
> > On Mon, Nov 21, 2011 at 11:47 AM, Bill MacAllister
> > <whm@stanford.edu> wrote:
> >> --On Monday, November 21, 2011 11:06:21 AM +0530 Jayavant Patil
> >> <jayavant.patil82@gmail.com> wrote:
> >>> Hi,
> >>
> >>> I am using openldap-2.4.19-4 on fedora 12 machine. My question is as
> >>>
> >>> follows:
> >>> How to restrict a user access to some client nodes?
Regards,
Buchan
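An added illustration of the approach Buchan describes (this is example code written for this page, not code from pam_ldap, OpenLDAP or anyone in the thread). It builds the ldapmodify change record that adds the hostObject object class and one host value per permitted client node to the user entry from the thread, and it models the decision pam_ldap makes with pam_check_host_attr set to yes. The host names node01.dc.com and node02.dc.com are constructed sample values; the decision logic (allow only when the client's host name matches a host value, deny an entry that has no host value at all, case-insensitive comparison) is a simplified model written from the documented behaviour, not a copy of pam_ldap's source.

```python
"""Model of the pam_ldap 'host' attribute check discussed in the thread.

Added illustration, not code from pam_ldap or OpenLDAP. The host names
and the LDIF text below are constructed sample data; the decision logic
is a simplified model of the documented pam_check_host_attr behaviour.
"""

# Constructed: the user entry from the thread, extended with the hostObject
# object class (from ldapns.schema) and one host value per allowed node.
SAMPLE_LDIF = """\
dn: uid=ldap_5,ou=People,dc=dc,dc=com
uid: ldap_5
cn: ldap_5
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: hostObject
host: node01.dc.com
host: node02.dc.com
uidNumber: 513
gidNumber: 513
homeDirectory: /lustre/home/ldap_5
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute -> [values]}.

    Handles LDIF line folding (a continuation line starts with a space)
    and skips comment lines. Attribute names are lower-cased so lookups
    are case-insensitive. Base64 values ("attr:: ...") are not decoded;
    they are not needed for this example.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # unfold a wrapped line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def host_modify_ldif(dn, hosts):
    """Build the ldapmodify change record that grants access to `hosts`."""
    out = [
        "dn: " + dn,
        "changetype: modify",
        "add: objectClass",
        "objectClass: hostObject",
        "-",
        "add: host",
    ]
    out += ["host: " + h for h in hosts]
    out.append("-")
    return "\n".join(out) + "\n"


def host_ok(entry, client_hostname, check_host_attr):
    """Model of pam_ldap's account-phase decision for one client.

    check_host_attr False: 'host' is never consulted, login is allowed.
    check_host_attr True:  allowed only if client_hostname matches one of
                           the entry's 'host' values; an entry with no
                           'host' value is denied, which is how a user
                           who was never granted any node is locked out.
    The case-insensitive comparison is an assumption of this model.
    """
    if not check_host_attr:
        return True
    hosts = entry.get("host", [])
    return any(h.lower() == client_hostname.lower() for h in hosts)


if __name__ == "__main__":
    entry = parse_ldif_entry(SAMPLE_LDIF)
    print(host_modify_ldif(entry["dn"][0], entry["host"]))
    for node in ("node01.dc.com", "NODE02.dc.com", "node03.dc.com"):
        print(node, "->", "allowed" if host_ok(entry, node, True) else "denied")
```

The check is made by pam_ldap on each client during the account phase, not by the directory server: a node whose /etc/ldap.conf lacks pam_check_host_attr yes, or whose PAM account stack does not call pam_ldap, will still admit the user. A bind as the user succeeds on any node, so when auditing, confirm the setting on every client rather than only on the directory.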