Thread: restrict logins to certain users for SLES 11 SP1 ldap client

  1. #1

    restrict logins to certain users for SLES 11 SP1 ldap client

    Is it possible to configure a SLES 11 SP1 ldap client (ldap server is Sun/Oracle DSEE) to restrict logins to specific users/groups?

    Thanks!

  2. Re: restrict logins to certain users for SLES 11 SP1 ldap cl

    Hi Chaplina,

    Yes, this is certainly possible.

    One way is to create a "group" entry in your LDAP tree for your server "someserver", similar to
    Code:
    dn: cn=someserver,ou=hostaccess,ou=group,dc=company,dc=com
    objectClass: top
    objectClass: posixGroup
    objectClass: groupOfNames
    gidNumber: 999999
    member: uid=userA,ou=people,dc=company,dc=com
    member: uid=userB,ou=people,dc=company,dc=com
    member: uid=userC,ou=people,dc=company,dc=com

    where the member entries are the DN of the LDAP users to be granted access (not just "any" DNs - those must be the entries used to verify the authenticity of the users by the LDAP client).

    On "someserver", configure the LDAP client (/etc/ldap.conf) to check that group:

    Code:
    pam_groupdn cn=someserver,ou=hostaccess,ou=group,dc=company,dc=com
    pam_member_attribute member

    Regards,
    Jens
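
An offline sanity check for the setup described in the reply above, added here as an example and not part of the original posts: it reads the two /etc/ldap.conf settings and an LDIF export of the group entry, then reports whether a given user DN is on the access list. The function names and the simplified DN normalisation are assumptions of this example, and the sample input is constructed from the values in the post.

```python
import re

# Constructed sample input, based on the settings and group entry in the post above.
LDAP_CONF = """\
# /etc/ldap.conf excerpt
pam_groupdn cn=someserver,ou=hostaccess,ou=group,dc=company,dc=com
pam_member_attribute member
"""
GROUP_LDIF = """\
dn: cn=someserver,ou=hostaccess,ou=group,dc=company,dc=com
objectClass: posixGroup
objectClass: groupOfNames
gidNumber: 999999
member: uid=userA,ou=people,dc=company,dc=com
member: uid=userB,ou=people,dc=company,dc=com
member: uid=userC,ou=people,dc=company,dc=com
"""

def parse_ldap_conf(text):
    """Return {keyword: value} for the non-comment lines of an ldap.conf-style file."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)  # keyword and value may be separated by spaces or tabs
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip()
    return conf

def parse_ldif_entry(text):
    """Return {attribute: [values]} for one plain-text LDIF entry (base64 values unsupported)."""
    unfolded = re.sub(r"\n ", "", text)  # LDIF folds long lines with a leading space
    entry = {}
    for line in unfolded.splitlines():
        attr, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def norm_dn(dn):
    """Simplified DN normalisation (assumption): case-fold, drop spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def is_allowed(conf, group, user_dn):
    """True if user_dn is listed in the membership attribute of the configured group."""
    group_dn, attr = conf["pam_groupdn"], conf["pam_member_attribute"]  # KeyError if unset
    if norm_dn(group["dn"][0]) != norm_dn(group_dn):
        return False  # the exported entry is not the one the client is configured to check
    return norm_dn(user_dn) in {norm_dn(m) for m in group.get(attr.lower(), [])}

CONF, GROUP = parse_ldap_conf(LDAP_CONF), parse_ldif_entry(GROUP_LDIF)
```

To audit a real host, feed it the contents of /etc/ldap.conf and an LDIF export of the group entry instead of the constructed strings.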
