Re: Restricting Login based on AD GID
- To: openldap-technical@openldap.org
- Subject: Re: Restricting Login based on AD GID
- From: Manish Nene <manish@sysrq.in>
- Date: Sun, 10 Nov 2013 23:18:27 +0530
- In-reply-to: <527FB2A3.2050306@stroeder.com>
- References: <527FA09E.6000108@sysrq.in> <527FB2A3.2050306@stroeder.com>
- User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
Hi,
On 10-Nov-13 21:51, Michael Ströder wrote:
> Manish Nene wrote:
>> I've LDAP authentication functioning well against Novell e-directory. Is there
>> a way I can restrict the login access to appliance based on the GID of a user?
>
> This is not the right forum to ask eDirectory questions.

My question was more from an LDAP point of view rather than e-directory,
sorry for the confusion. I'm using ldap+winbind to get domain logins to
work, which are working fine on my SLES 11.

> Generally speaking it's not a good idea to design access control data
> structures based on server-side generated attribute values like 'GUID' of
> eDirectory or 'entryUUID'.
> You should watch out for group entry schema (groupOfNames etc.).

The problem I have is the container in which this Linux server is placed.
Most of the groups which I find from "getent group" have access to the
container & hence the need of restricting the access further. I guess
there was a directive like requiregid* which I can put in ldap.conf &
ensure the restriction is in place.

> Ciao, Michael.

Thanks,
- Manish.