Is it possible to configure a SLES 11 SP1 ldap client (ldap server is Sun/Oracle DSEE) to restrict logins to specific users/groups?
Thanks!
Hi Chaplina,
yes, this is certainly possible.
One way is to create a “group” entry in your LDAP tree for your server “someserver”, similar to
dn: cn=someserver,ou=hostaccess,ou=group,dc=company,dc=com
objectClass: top
objectClass: posixGroup
objectClass: groupOfNames
gidNumber: 999999
member: uid=userA,ou=people,dc=company,dc=com
member: uid=userB,ou=people,dc=company,dc=com
member: uid=userC,ou=people,dc=company,dc=com
where the member entries are the DNs of the LDAP users to be granted access (not just “any” DNs - those must be the entries used to verify the authenticity of the users by the LDAP client).
On “someserver”, configure the LDAP client (/etc/ldap.conf) to check that group:
pam_groupdn cn=someserver,ou=hostaccess,ou=group,dc=company,dc=com
pam_member_attribute member
Regards,
Jens
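The following is an added example, not part of the reply above: an offline Python model of the membership test that the pam_groupdn / pam_member_attribute pair expresses, useful for auditing an exported group entry against a host's /etc/ldap.conf. The function names and the simplified DN normalisation (lowercasing, no escaped commas) are assumptions of this sketch; the sample data is constructed from the values shown in the reply.

```python
# Constructed sample data, built from the values shown in the answer.
LDAP_CONF = """\
pam_groupdn cn=someserver,ou=hostaccess,ou=group,dc=company,dc=com
pam_member_attribute member
"""

GROUP_LDIF = """\
dn: cn=someserver,ou=hostaccess,ou=group,dc=company,dc=com
objectClass: top
objectClass: posixGroup
objectClass: groupOfNames
gidNumber: 999999
member: uid=userA,ou=people,dc=company,dc=com
member: uid=userB,ou=people,dc=company,dc=com
member: uid=userC,ou=people,dc=company,dc=com
"""

def norm_dn(dn):
    """Simplified DN normalisation (assumption): lowercase, trim around ',' and '='."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)

def parse_conf(text):
    """Return {keyword: value} for the non-comment lines of an ldap.conf."""
    conf = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            conf[fields[0].lower()] = fields[1].strip()
    return conf

def parse_ldif_entry(text):
    """Parse one unfolded, non-base64 LDIF entry into {attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def login_allowed(user_dn, conf_text=LDAP_CONF, ldif_text=GROUP_LDIF):
    """True if user_dn is a pam_member_attribute value on the pam_groupdn entry."""
    conf, entry = parse_conf(conf_text), parse_ldif_entry(ldif_text)
    if norm_dn(entry["dn"][0]) != norm_dn(conf["pam_groupdn"]):
        return False  # the export is not the group this host checks
    values = entry.get(conf["pam_member_attribute"].lower(), [])
    return norm_dn(user_dn) in {norm_dn(v) for v in values}
```

A bare login name such as `userA` does not match, which illustrates the point in the reply that the member values must be the full user DNs the client authenticates against.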