On 2/19/20 9:55 AM, Клеусов Владимир Сергеевич wrote:
I connected LDAP Linux clients to the OpenLDAP server. I need to make a certain group of users able to connect to certain computers. How do I do this?
With most LDAP POSIX user management deployments, you have to configure the Linux clients to query only certain user groups or configure other PAM access control or similar.
My Æ-DIR (based on OpenLDAP) provides views to the Linux clients based on hosts' service group membership and the user groups referenced:
https://www.ae-dir.com/docs.html#er-roles
So no need to configure the clients (except bind-DN and host password).
If you have many clients, consider using aehostd for better search performance / less load (see https://ae-dir.com/aehostd.html).
Ciao, Michael.