We use ms AD 2008 as ldap / kerberos for our opensolaris machines. So far it works fine, but: 1. It would be nice to have roles assigned to users, by ad group membership (especially root role access for Domain\ Admins). 2. Logon (ssh what else) managed by group membership (as in linux possible with /etc/security/access.conf and pam_access) 3. To have nss_ldap or a replacement, be able to understand recursive groups using DN as member attribute as linux nss_switch could do (No worry apache ldap is also unable to do so, but it knows DN for direct membership, at least a small improvement)
Maybe some one could give me a hint here. thx, Florian Am 30.06.2010 15:47, schrieb Piotr Jasiukajtis: > It works well for me, thanks, > > On Wed, Jun 30, 2010 at 2:13 PM, Milan Jurik <[email protected]> wrote: >> Hi, >> >> On 06/30/10 13:46, Piotr Jasiukajtis wrote: >>> >>> Hi, >>> >>> Where can I find an example on how to use SolarisAuthAttr objects in >>> the LDAP directory? >>> What I would like do to is to move /etc/user_attr from the clients to >>> the server. >>> >>> >> >> Is ldapaddent command helpful for you? >> >> Best regards, >> >> Milan >> > > >
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ security-discuss mailing list [email protected]
