Greetings, I have a Ldap server up and running, all is well. However, I would like to start restricing access to hosts using the host attribute, which if I'm correct is part of the account objectClass. This is a SLES 10.3 system. The id that I migrated from /etc/passwd had the host attribute, but all other id's created later via the YAST gui interface, do not. I believe this is because they are using inetOrgPerson, instead of account. Is there some way of adding the host attribute to newly added users?
Steve Francis Technical Advisor - zSeries, zLinux, z/OS IHG Alpharetta Data Center Ph: 770-442-7157 Cell: 770-906-3122 IM: francisihg
I believe I have resolved the issue. I found a "valid schema" to add a "hostObject" to my ldap server, then added that objectclass to a user and viola host attribute available.
Steve Francis Technical Advisor - zSeries, zLinux, z/OS IHG Alpharetta Data Center Ph: 770-442-7157 Cell: 770-906-3122 IM: francisihg
________________________________
From: openldap-technical-bounces+steve.francis=ihg.com@OpenLDAP.org [mailto:openldap-technical-bounces+steve.francis=ihg.com@OpenLDAP.org] On Behalf Of Francis, Steve (IHG) Sent: Monday, April 19, 2010 2:01 PM To: openldap-technical@openldap.org Subject: Restricting acces using host attribute
Greetings, I have a Ldap server up and running, all is well. However, I would like to start restricing access to hosts using the host attribute, which if I'm correct is part of the account objectClass. This is a SLES 10.3 system. The id that I migrated from /etc/passwd had the host attribute, but all other id's created later via the YAST gui interface, do not. I believe this is because they are using inetOrgPerson, instead of account. Is there some way of adding the host attribute to newly added users?
Steve Francis Technical Advisor - zSeries, zLinux, z/OS IHG Alpharetta Data Center Ph: 770-442-7157 Cell: 770-906-3122 IM: francisihg
Ok, so I sort of have it resolved. I can add the hostObject class manually using a Ldap Editor, but is there a way to get it automaticallly added when creating a new user. Can you edit the ldap client configuration to also use this new objectclass as well so the host attribute gets added?
Steve Francis Technical Advisor - zSeries, zLinux, z/OS IHG Alpharetta Data Center Ph: 770-442-7157 Cell: 770-906-3122 IM: francisihg
________________________________
From: openldap-technical-bounces+steve.francis=ihg.com@OpenLDAP.org [mailto:openldap-technical-bounces+steve.francis=ihg.com@OpenLDAP.org] On Behalf Of Francis, Steve (IHG) Sent: Monday, April 19, 2010 2:01 PM To: openldap-technical@openldap.org Subject: Restricting acces using host attribute
Greetings, I have a Ldap server up and running, all is well. However, I would like to start restricing access to hosts using the host attribute, which if I'm correct is part of the account objectClass. This is a SLES 10.3 system. The id that I migrated from /etc/passwd had the host attribute, but all other id's created later via the YAST gui interface, do not. I believe this is because they are using inetOrgPerson, instead of account. Is there some way of adding the host attribute to newly added users?
Steve Francis Technical Advisor - zSeries, zLinux, z/OS IHG Alpharetta Data Center Ph: 770-442-7157 Cell: 770-906-3122 IM: francisihg
openldap-technical@openldap.org
-
Francis, Steve (IHG)