Hi all,<br>I&#39;m stuck in the same issue as Serge Fonville. <br>I have created new Auxiliary objectclass &#39;testobj&#39; with &#39;host&#39; attribute &amp; added it to the ou=Groups.Then created 2 entries under Groups as below &amp; assigned members to those groups.<br>
<br>dn: cn=qagroup,ou=Groups,dc=test,dc=com<br>cn: qagroup<br>gidNumber: 4<br>objectClass: posixGroup<br>objectClass: testobj<br>host: <a href="http://x15f12.test.com">x15f12.test.com</a><br>memberUid: uid=ldap1,ou=Users,dc=test,dc=com<br>
memberUid: uid=ldap2,ou=Users,dc=test,dc=com<br><br>dn: cn=admin,ou=Groups,dc=test,dc=com<br>cn: admin<br>gidNumber: 0<br>objectClass: posixGroup<br>objectClass: testobj<br>host: <a href="http://x15ubuntu.test.com">x15ubuntu.test.com</a><br>
memberUid: uid=ldap3,ou=Users,dc=test,dc=com<br>memberUid: uid=ldap4,ou=Users,dc=test,dc=com<br><br>Now <u>which parameter in ldap.conf or any other files I host machine  should I modify and how,</u> so that members from qagroup or admin groups only get access to host mentioned in their respective attributes ??<br>
<br>Thanks in advance<br>Shamika<br><br><br><br><div class="gmail_quote">2009/12/3 Adam Hough <span dir="ltr">&lt;<a href="mailto:adam@gradientzero.com">adam@gradientzero.com</a>&gt;</span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Or you can create your own Aux. object class that includes the host<br>
attribute then you just have to modify the ldap.conf for the machine to<br>
restrict user authentication.<br>
<font color="#888888"><br>
- Adam<br>
</font><div><div></div><div class="h5"><br>
On Thu, 2009-12-03 at 10:48 -0300, Jarbas Peixoto Júnior wrote:<br>
&gt; If you are using ssh and pam can be done like this:<br>
&gt;<br>
&gt; # tail /etc/ssh/sshd_config<br>
&gt;<br>
&gt; # Allow client to pass locale environment variables<br>
&gt; AcceptEnv LANG LC_*<br>
&gt;<br>
&gt; Subsystem sftp /usr/lib/openssh/sftp-server<br>
&gt;<br>
&gt; UsePAM yes<br>
&gt;<br>
&gt; # Restringir acesso ao grupo local &#39;suporte&#39; e a grupos LDAP<br>
&gt; AllowGroups suporte &quot;SSH UDSL&quot;<br>
&gt;<br>
&gt; where &quot;SSH UDSL&quot; is a Group in LDAP, and &quot;suporte&quot; is a local group.<br>
&gt;<br>
&gt; 2009/12/3 Serge Fonville &lt;<a href="mailto:serge.fonville@gmail.com">serge.fonville@gmail.com</a>&gt;:<br>
&gt; &gt; Hi,<br>
&gt; &gt;<br>
&gt; &gt; While setting up an LDAP server. I noticed that it is not possible to<br>
&gt; &gt; add a host attribute to a posixGroup.<br>
&gt; &gt;<br>
&gt; &gt; Is there a way to limit a user what host they can logon to based on<br>
&gt; &gt; their group membership?<br>
&gt; &gt;<br>
&gt; &gt; Thanks in advance<br>
&gt; &gt;<br>
&gt; &gt; Regards,<br>
&gt; &gt;<br>
&gt; &gt; Serge Fonville<br>
&gt; &gt;<br>
&gt; &gt; --<br>
&gt; &gt; <a href="http://www.sergefonville.nl" target="_blank">http://www.sergefonville.nl</a><br>
&gt; &gt;<br>
&gt; &gt; Convince Google!!<br>
&gt; &gt; They need to support Adsense over SSL<br>
&gt; &gt; <a href="https://www.google.com/adsense/support/bin/answer.py?hl=en&amp;answer=10528" target="_blank">https://www.google.com/adsense/support/bin/answer.py?hl=en&amp;answer=10528</a><br>
&gt; &gt; <a href="http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&amp;hl=en" target="_blank">http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&amp;hl=en</a><br>
&gt; &gt;<br>
<br>
</div></div></blockquote></div><br>