Hi again everyone,
Having gotten an excellent (and quite simple) response to my query about
automatic homedir creation upon ssh login, i'm going to push my luck (expecting
@ any moment to receive responses with RTFM or somethings close to that
sentiment in them).
Our goal is to allow not just *any* LDAP user in our openldap (version 2.4.40)
directory, but only those specified as members of a particular group (in our
LDAP). We have a custom LDAP attribute (groupSR) that is attached directly to
the user's entry (ou=People,uid=<user-login-name>) or we could easily also
populate a "more standard" (cn=<groupname>) entry (with memeberUID attributes
corresponding to the "allowed SSH users") in the ou=Group branch of our
directory.
Pretty sure this was set up quite some time ago here, but the colleagues who I
collaborated with to do it are no longer working with me, and I can't for the
life of me remember how exactly it was done...
as always, thanks so much for any assistance, as well as for all that
everyone does for debian,
~c
