On 10-Nov-13 21:51, Michael Ströder wrote:
Manish Nene wrote:
> I've LDAP authentication functioning well against Novell e-directory. Is there
> a way I can restrict the login access to appliance based on the GID of an user?
This is not the right forum to ask eDirectory questions.
My question was more from
ldap point of view rather than e-directory,
sorry for the confusion. I'm using ldap+winbind to get domain logins to
work which are working fine on my SLES 11.
Generally speaking it's not a good idea to design access control
structures based on server-side generated attribute values like 'GUID' of
eDirectory or 'entryUUID'.
You should watch out for group entry schema (groupOfNames etc.).
I've is the container in which this Linux server is placed.
Most of the groups which I find from "getent group" have access to the
container & hence the need of restricting the access further. I guess
there was a directive like requiregid* which I can put in ldap.conf &
ensure the restriction is in place.
Powered by BigRock.com