From owner-freebsd-questions@FreeBSD.ORG  Fri Feb 15 08:42:47 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3AC5E16A421
	for <freebsd-questions@freebsd.org>;
	Fri, 15 Feb 2008 08:42:47 +0000 (UTC)
	(envelope-from ganael.laplanche@martymac.com)
Received: from data.galacsys.net (data.galacsys.net [217.24.81.1])
	by mx1.freebsd.org (Postfix) with ESMTP id E2E7013C448
	for <freebsd-questions@freebsd.org>;
	Fri, 15 Feb 2008 08:42:46 +0000 (UTC)
	(envelope-from ganael.laplanche@martymac.com)
Received: from martymac.com (webmail.galacsys.net [217.24.81.215])
	by data.galacsys.net (Postfix) with ESMTP
	id 7740E2099F; Fri, 15 Feb 2008 09:09:23 +0100 (CET)
From: "Ganael LAPLANCHE" <ganael.laplanche@martymac.com>
To: Olivier Nicole <on@cs.ait.ac.th>, jontheil@gmail.com
X-Openwebmail-Date: Fri, 15 Feb 2008 09:09:23 +0100
Message-Id: <20080215080621.M31110@martymac.com>
In-Reply-To: <200802150245.m1F2jN6A013811@banyan.cs.ait.ac.th>
References: <8f82c35c0802131110l7c678965qe6d0c3432f008254@mail.gmail.com>
	<000301c86ed2$17177560$0200a8c0@satellite>
	<8f82c35c0802140420w57a1d5dfpd12b86e57efd585d@mail.gmail.com>
	<200802150245.m1F2jN6A013811@banyan.cs.ait.ac.th>
X-Mailer: Open WebMail 2.01 20030425
X-OriginatingIP: 157.99.64.43 (ganael.laplanche@martymac.com)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Date: Fri, 15 Feb 2008 09:09:23 +0100 (CET)
Cc: dmehler26@woh.rr.com, freebsd-questions@freebsd.org
Subject: Re: LDAP user authentication?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Feb 2008 08:42:47 -0000

On Fri, 15 Feb 2008 09:45:23 +0700 (ICT), Olivier Nicole wrote

Hi Olivier,

> Though I am looking one step ahead, how to allow a user to
> authenticate to this machine and not that machine, using the same ldap
> directory.

You can override attributes in you /usr/local/etc/nss_ldap.conf.

Something like this :

nss_override_attribute_value homeDirectory /dev/null
nss_override_attribute_value loginShell /usr/bin/false
nss_override_attribute_value userPassword x

should prevent users from login on your machine.

Best regards,

Ganaël LAPLANCHE
ganael.laplanche@martymac.com
http://www.martymac.com