Hi Shamika,
There are some examples in the faq-o-meter of how to use dynlists. Take a look here: http://www.openldap.org/faq/data/cache/1209.html
Here is an example of my config to do this:
cat /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb/olcOverlay={0}dynlist.ldif

dn: olcOverlay={0}dynlist
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
objectClass: olcDynamicList
olcOverlay: {0}dynlist
olcDlAttrSet: {0}posixGroup labeledURI memberUid:uid

dn: cn=users,ou=People,ou=Groups,dc=example,dc=com
structuralObjectClass: posixGroup
objectClass: posixGroup
objectClass: labeledURIObject
objectClass: top
memberUid: username1
memberUid: username2
memberUid: username3
memberUid: username4
memberUid: username5
cn: users
gidNumber: 1100
labeledURI: ldap:///ou=Users,dc=example,dc=com?uid?sub?(objectClass=posixAccount)

if you have username1 to 5 in ou=Users,dc=example,dc=com with uid's like this and the objectClass posixAccount.
Maybe you can modify that to your needs.
Bye,
On Thu, Apr 1, 2010 at 15:19, Shamika Joshi shamika.joshi@gmail.com wrote:
Hi
The desired implementation is to control user logins on different lab machines based on the project groups. Scenario: Bob is part of project group 'mars' & John is part of 'venus' then I have added lab machines x1-x3 to group 'mars' & y1-y3 to group venus. Now I want John to only access machines allocated for project 'mars' i.e. x1 to x3 & John to access machines allocated for 'venus' i.e. y1 to y3.
I went through this link http://www.hurricanelabs.com/september2009_login_security_using_openldap_and_pam and learned that it can be achieved using "overlay dynlist". Please correct me if I've got it wrong. However my lab server is Ubuntu 9.10 (karmic koala) and it is using slapd.d (not slapd.conf). So now if I want to attempt to use "overlay dynlist" how should I go about it? Has anyone done this before? Any help will be appreciated.
Thanks
Shamika
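
The mechanism behind the configuration in this thread, as an added illustration that is not part of the original messages and is not slapd's own code: a small Python model of how the attr set `posixGroup labeledURI memberUid:uid` turns the group's labeledURI into memberUid values when the entry is read. The directory contents, the `svc1` and `guest` entries and all function names are constructed for the example, and only one-term equality filters and the base/sub scopes are modelled.

```python
# Simplified model of dynlist expansion (illustration only, not slapd code).
# Handles one-term equality filters and the base/sub scopes.
USERS = "ou=Users,dc=example,dc=com"
# Constructed sample directory: DN -> attributes.
DIRECTORY = {
    "uid=username1," + USERS: {"objectClass": ["posixAccount"], "uid": ["username1"]},
    "uid=username2," + USERS: {"objectClass": ["posixAccount"], "uid": ["username2"]},
    # Lacks posixAccount, so the filter in the URI does not select it.
    "uid=svc1," + USERS: {"objectClass": ["account"], "uid": ["svc1"]},
    # Lies outside the search base.
    "uid=guest,ou=Guests,dc=example,dc=com": {"objectClass": ["posixAccount"], "uid": ["guest"]},
}
# Group entry as stored: no static memberUid, only the URI from the post.
GROUP = {
    "objectClass": ["posixGroup", "labeledURIObject", "top"],
    "cn": ["users"], "gidNumber": ["1100"],
    "labeledURI": ["ldap:///" + USERS + "?uid?sub?(objectClass=posixAccount)"],
}

def parse_ldap_url(url):
    """Split ldap:///base?attrs?scope?filter into its four parts."""
    base, attrs, scope, flt = url[len("ldap:///"):].split("?", 3)
    return base, attrs.split(","), scope, flt

def matches(entry, flt):
    """Evaluate a single (attr=value) filter, value compared case-insensitively."""
    attr, value = flt.strip("()").split("=", 1)
    return value.lower() in [v.lower() for v in entry.get(attr, [])]

def in_scope(dn, base, scope):
    dn, base = dn.lower(), base.lower()
    return dn == base or (scope == "sub" and dn.endswith("," + base))

def expand(group, attrset, directory):
    """Apply an attr set '<group-oc> <URL-ad> <target>:<source>' to one entry."""
    group_oc, url_attr, mapping = attrset.split()
    target, source = mapping.split(":")
    result = {k: list(v) for k, v in group.items()}
    if group_oc not in group.get("objectClass", []):
        return result  # entry lacks the triggering objectClass: no expansion
    for url in group.get(url_attr, []):
        base, attrs, scope, flt = parse_ldap_url(url)
        for dn, entry in sorted(directory.items()):
            # The URI must fetch the source attribute for it to be mapped.
            if source in attrs and in_scope(dn, base, scope) and matches(entry, flt):
                result.setdefault(target, []).extend(entry.get(source, []))
    return result

print(expand(GROUP, "posixGroup labeledURI memberUid:uid", DIRECTORY)["memberUid"])
```

In this model, group membership follows whatever the URI's base and filter select at read time, so an account that loses the posixAccount class or moves out of ou=Users drops out of the group without the group entry being edited.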