Hi all,
I'm stuck in the same issue as Serge Fonville.
I have created new Auxiliary objectclass 'testobj' with 'host' attribute & added it to the ou=Groups.Then created 2 entries under Groups as below & assigned members to those groups.

dn: cn=qagroup,ou=Groups,dc=test,dc=com
cn: qagroup
gidNumber: 4
objectClass: posixGroup
objectClass: testobj
host: x15f12.test.com
memberUid: uid=ldap1,ou=Users,dc=test,dc=com
memberUid: uid=ldap2,ou=Users,dc=test,dc=com

dn: cn=admin,ou=Groups,dc=test,dc=com
cn: admin
gidNumber: 0
objectClass: posixGroup
objectClass: testobj
host: x15ubuntu.test.com
memberUid: uid=ldap3,ou=Users,dc=test,dc=com
memberUid: uid=ldap4,ou=Users,dc=test,dc=com

Now which parameter in ldap.conf or any other files I host machine should I modify and how, so that members from qagroup or admin groups only get access to host mentioned in their respective attributes ??

Thanks in advance
Shamika



2009/12/3 Adam Hough <adam@gradientzero.com>
Or you can create your own Aux. object class that includes the host
attribute then you just have to modify the ldap.conf for the machine to
restrict user authentication.

- Adam

On Thu, 2009-12-03 at 10:48 -0300, Jarbas Peixoto Júnior wrote:
> If you are using ssh and pam can be done like this:
>
> # tail /etc/ssh/sshd_config
>
> # Allow client to pass locale environment variables
> AcceptEnv LANG LC_*
>
> Subsystem sftp /usr/lib/openssh/sftp-server
>
> UsePAM yes
>
> # Restringir acesso ao grupo local 'suporte' e a grupos LDAP
> AllowGroups suporte "SSH UDSL"
>
> where "SSH UDSL" is a Group in LDAP, and "suporte" is a local group.
>
> 2009/12/3 Serge Fonville <serge.fonville@gmail.com>:
> > Hi,
> >
> > While setting up an LDAP server. I noticed that it is not possible to
> > add a host attribute to a posixGroup.
> >
> > Is there a way to limit a user what host they can logon to based on
> > their group membership?
> >
> > Thanks in advance
> >
> > Regards,
> >
> > Serge Fonville
> >
> > --
> > http://www.sergefonville.nl
> >
> > Convince Google!!
> > They need to support Adsense over SSL
> > https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528
> > http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en
> >