On Monday, 21 November 2011 09:00:23 Jayavant Patil wrote:
> Hi,
>
> I am just storing the user related information in the directory.
> e.g.
> My .ldif file contents are as follows:
>
> dn: uid=ldap_5,ou=People,dc=dc,dc=com
> uid: ldap_5
> cn: ldap_5
> sn: ldap_5
> mail: [email protected]
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> shadowLastChange: 13998
> shadowMax: 99999
> shadowWarning: 7
> loginShell: /bin/bash
> uidNumber: 513
> gidNumber: 513
> homeDirectory: /lustre/home/ldap_5
One method would be to add the hostObject objectclass, from ldapns.schema (shipped with pam_ldap source), and add a host attribute with the 'hostname' of the host for each host the user should be allowed to log in to, and set 'pam_check_host_attr yes' in /etc/ldap.conf (see 'man pam_ldap'). Of course, this depends on which pam module you are using, and there are other options.

> On Mon, Nov 21, 2011 at 12:05 PM, Jayavant Patil
> <[email protected]> wrote:
> >
> > Hi,
> >
> > I want to restrict login access to some selected client nodes (by
> > default, openldap allows user access to all client nodes). I have googled
> > for this, tried many different configurations like host
> > attribute, hostObject class etc. but failed to get the required.
> >
> > On Mon, Nov 21, 2011 at 11:47 AM, Bill MacAllister <[email protected]> wrote:
> >> --On Monday, November 21, 2011 11:06:21 AM +0530 Jayavant Patil <
> >> [email protected]> wrote:
> >>
> >> Hi,
> >>
> >>> I am using openldap-2.4.19-4 on fedora 12 machine. My question is as
> >>> follows:
> >>> How to restrict a user access to some client nodes?

Regards,
Buchan
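The change Buchan describes, worked through as an added example (this is not code from the thread or from pam_ldap itself): it builds the LDIF modify record that adds hostObject and one host value per permitted client to the entry Jayavant posted, and models the allow/deny decision pam_ldap takes on a client once pam_check_host_attr is set to yes. The hostnames login01/login02/compute17.example.com are constructed; the wildcard handling is an assumption noted in the code.

```python
# Added example, not code from the thread: generate the LDIF change that adds
# the hostObject objectClass plus per-host 'host' values to a user entry, and
# model the decision pam_ldap makes on a client with 'pam_check_host_attr yes'.

# The entry Jayavant posted (mail attribute omitted; it was redacted in the thread).
USER_ENTRY_LDIF = """\
dn: uid=ldap_5,ou=People,dc=dc,dc=com
uid: ldap_5
cn: ldap_5
sn: ldap_5
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 13998
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 513
gidNumber: 513
homeDirectory: /lustre/home/ldap_5
"""

# Constructed list of the only client nodes ldap_5 should be able to log in to.
ALLOWED_HOSTS = ["login01.example.com", "login02.example.com"]


def parse_ldif_entry(text):
    """Parse one simple LDIF entry (no line folding, no base64) into {attr: [values]}."""
    entry = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        entry.setdefault(attr.strip(), []).append(value.strip())
    return entry


def host_restriction_ldif(dn, hosts):
    """Return the LDIF 'changetype: modify' record to feed to ldapmodify -f."""
    lines = [f"dn: {dn}", "changetype: modify",
             "add: objectClass", "objectClass: hostObject", "-",
             "add: host"]
    lines.extend(f"host: {h}" for h in hosts)
    lines.append("-")
    return "\n".join(lines) + "\n"


def apply_host_restriction(entry, hosts):
    """Return a copy of the entry as it looks after the modify record above is applied."""
    updated = {k: list(v) for k, v in entry.items()}
    if "hostObject" not in updated.get("objectClass", []):
        updated.setdefault("objectClass", []).append("hostObject")
    updated.setdefault("host", []).extend(hosts)
    return updated


def host_allowed(entry, local_hostname):
    """Model of pam_ldap's pam_check_host_attr decision for a login on local_hostname.

    With pam_check_host_attr yes, an entry that carries no host attribute is denied.
    Accepting the wildcard value '*' is an assumption about pam_ldap; verify it
    against the pam_ldap version you run before relying on it.
    """
    hosts = entry.get("host", [])
    if not hosts:
        return False
    return local_hostname in hosts or "*" in hosts


if __name__ == "__main__":
    print(host_restriction_ldif("uid=ldap_5,ou=People,dc=dc,dc=com", ALLOWED_HOSTS))
    before = parse_ldif_entry(USER_ENTRY_LDIF)
    after = apply_host_restriction(before, ALLOWED_HOSTS)
    for node in ("login01.example.com", "compute17.example.com"):
        print(node, "allowed" if host_allowed(after, node) else "denied")
```

Two things to keep in mind when applying it: slapd must have ldapns.schema loaded before the modify, otherwise hostObject is an undefined objectClass and the change is rejected; and the restriction is enforced by the PAM module on each client, not by the directory, so a node whose /etc/ldap.conf lacks 'pam_check_host_attr yes' (or that uses a different PAM module, as Buchan notes) will still admit the user.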
