restrict logins to certain users for SLES 11 SP1 ldap client

Is it possible to configure a SLES 11 SP1 LDAP client (the LDAP server is Sun/Oracle DSEE) to restrict logins to specific users/groups?


Hi Chaplina,

yes, this is certainly possible.

One way is to create a “group” entry in your LDAP tree for your server “someserver”, similar to

dn: cn=someserver,ou=hostaccess,ou=group,dc=company,dc=com
objectClass: top
objectClass: posixGroup
objectClass: groupOfNames
gidNumber: 999999
member: uid=userA,ou=people,dc=company,dc=com
member: uid=userB,ou=people,dc=company,dc=com
member: uid=userC,ou=people,dc=company,dc=com

where the member entries are the DNs of the LDAP users to be granted access (not just “any” DNs; those must be the entries used by the LDAP client to verify the authenticity of the users).

On “someserver”, configure the LDAP client (/etc/ldap.conf) to check that group:

pam_groupdn cn=someserver,ou=hostaccess,ou=group,dc=company,dc=com
pam_member_attribute member
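The check that these two settings turn on is a single LDAP compare: after pam_ldap resolves the login name to the user's entry DN, it asks the directory whether the pam_groupdn entry carries pam_member_attribute = that DN, and anything other than a true compare denies the login. The following script, an added example that is not code from the post above, simulates that decision offline so you can see which DN forms match. The LDIF and DN strings are constructed for the example (they follow the layout of the post); the DN normalisation approximates the server's distinguishedNameMatch rule (attribute types and values compared case-insensitively, whitespace around commas ignored) and does not handle escaped commas.

```python
"""Offline simulation of pam_ldap's pam_groupdn / pam_member_attribute check.

Added example, not code from the original post. The LDIF below is
constructed for this example; the DNs mirror the post's layout.
"""

# Constructed group entry. Two members are deliberately written with
# spaces and mixed-case attribute types to show that DN matching, not
# byte-for-byte string equality, decides membership.
GROUP_LDIF = """\
dn: cn=someserver,ou=hostaccess,ou=group,dc=company,dc=com
objectClass: top
objectClass: posixGroup
objectClass: groupOfNames
gidNumber: 999999
member: uid=userA,ou=people,dc=company,dc=com
member: uid=userB, ou=people, dc=company, dc=com
member: UID=userC,OU=people,DC=company,DC=com
"""

# The two /etc/ldap.conf settings from the post (assumed values).
PAM_GROUPDN = "cn=someserver,ou=hostaccess,ou=group,dc=company,dc=com"
PAM_MEMBER_ATTRIBUTE = "member"


def normalize_dn(dn):
    """Approximate distinguishedNameMatch: lower-case attribute types and
    values, drop whitespace around '=' and ','. Escaped commas are not
    handled (the post's DNs contain none)."""
    parts = []
    for rdn in dn.split(","):
        typ, _, val = rdn.partition("=")
        parts.append(typ.strip().lower() + "=" + val.strip().lower())
    return ",".join(parts)


def parse_ldif(text):
    """Minimal LDIF parser: returns {normalized dn: {attr: [values]}}.
    Unfolds continuation lines (leading space); base64 '::' values are
    not supported because the post does not use them."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = {}, None, {}
    for line in lines + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries[normalize_dn(dn)] = attrs
            dn, attrs = None, {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return entries


def login_allowed(ldif_text, pam_groupdn, pam_member_attribute, user_dn):
    """True iff the user's entry DN is a value of pam_member_attribute in the
    pam_groupdn entry. Like pam_ldap, a missing group entry or attribute
    denies everyone: only a successful compare grants access."""
    group = parse_ldif(ldif_text).get(normalize_dn(pam_groupdn))
    if group is None:
        return False
    members = {normalize_dn(m) for m in group.get(pam_member_attribute.lower(), [])}
    return normalize_dn(user_dn) in members


if __name__ == "__main__":
    for who in ("uid=userA,ou=people,dc=company,dc=com",
                "uid=userC,ou=people,dc=company,dc=com",
                "uid=userD,ou=people,dc=company,dc=com",
                "userA"):  # a bare login name is never what is compared
        verdict = "allowed" if login_allowed(GROUP_LDIF, PAM_GROUPDN,
                                             PAM_MEMBER_ATTRIBUTE, who) else "denied"
        print(f"{who}: {verdict}")
```

The last case is the caveat from the post in code: the compare is made with the user's resolved entry DN, so a member value that is a bare uid, or a DN under a different subtree than the one the client's user search returns, silently denies that user. A typo in pam_groupdn fails closed in the same way, locking everyone out rather than letting everyone in.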