On Thu, 18 Nov 2010, c0re wrote:
I mean user user1 can must login only on server1,server2 and
And user2 can login only on server5 and server2.
You could probably overload almost anything (dyngroups, OpenLDAP ACLs,
search filters, who knows) to accomplish this, but the cleanest way to do
this in pam_ldap would utilize pam_check_host_attr. I assume pam_ldap
because you mentioned "pam_groupdn" which is not an OpenLDAP configuration