On Monday, 21 November 2011 09:00:23 Jayavant Patil wrote:
Hi,
I am just storing the user related information in the directory. e.g. My .ldif file contents are as follows:
dn: uid=ldap_5,ou=People,dc=dc,dc=com
uid: ldap_5
cn: ldap_5
sn: ldap_5
mail: ldap_5@dc.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 13998
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 513
gidNumber: 513
homeDirectory: /lustre/home/ldap_5
One method would be to add the hostObject objectclass, from ldapns.schema (shipped with pam_ldap source), and add a host attribute with the 'hostname' of the host for each host the user should be allowed to log in to, and set 'pam_check_host_attr yes' in /etc/ldap.conf (see 'man pam_ldap').
Of course, this depends on which pam module you are using, and there are other options.
On Mon, Nov 21, 2011 at 12:05 PM, Jayavant Patil <jayavant.patil82@gmail.com> wrote:
Hi,
I want to restrict login access to some selected client nodes (by default, openldap allows user access to all client nodes). I have googled for this, tried many different configurations like host attribute, hostObject class etc. but failed to get the required.
On Mon, Nov 21, 2011 at 11:47 AM, Bill MacAllister <whm@stanford.edu> wrote:
--On Monday, November 21, 2011 11:06:21 AM +0530 Jayavant Patil <jayavant.patil82@gmail.com> wrote:
Hi,
I am using openldap-2.4.19-4 on a Fedora 12 machine. My question is as follows: How to restrict a user's access to some client nodes?
Regards, Buchan
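The hostObject approach suggested in the reply, written out as an ldapmodify change record for the ldap_5 entry posted above. This is an added example, not part of the original thread; the hostnames node01.dc.com and node02.dc.com are placeholders, and it assumes ldapns.schema is already loaded in slapd.

```ldif
# Added example, not from the thread.
# Assumption: ldapns.schema (shipped with the pam_ldap source) is already
# loaded in slapd, so the hostObject class and host attribute are known.
# Assumption: node01.dc.com and node02.dc.com are placeholder hostnames
# for the client nodes this user is allowed to log in to.
dn: uid=ldap_5,ou=People,dc=dc,dc=com
changetype: modify
add: objectClass
objectClass: hostObject
-
add: host
host: node01.dc.com
host: node02.dc.com

# Client side, on every node that should enforce the restriction,
# in /etc/ldap.conf (see 'man pam_ldap'):
#
#   pam_check_host_attr yes
#
# pam_ldap performs this check in the PAM "account" phase, so the node's
# PAM stack must call pam_ldap for account, not only for auth.
# A node that does not set pam_check_host_attr ignores the host attribute
# and keeps admitting every directory user.
```

Because enforcement happens on the client, verify it from both sides: log in as ldap_5 on a listed node and on an unlisted one, and confirm the unlisted node refuses the account.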