Date: Fri, 13 May 2005 09:19:43 +0200 From: Uwe Laverenz <uwe@laverenz.de> To: freebsd-questions@freebsd.org Subject: Re: Netgroups and LDAP? Message-ID: <20050513071943.GA6228@laverenz.de> In-Reply-To: <v03102800bea96ff3c52e@[192.168.11.10]> References: <v03102800bea96ff3c52e@[192.168.11.10]>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, May 12, 2005 at 03:59:24PM -0500, Ben Hockenhull wrote: > I only want certain (large, broad) groups of people to be able to login to > a given server, and I believe I'm looking to implement netgroups to do > that, but I haven't been able to find any documentation on how to do that > with FreeBSD. You can't use netgroups with FreeBSD/ldap, only passwd and group databases can be used with ldap AFAIK. > Any pointers (to config examples, ldif-format schemas that incorporate > netgroups, etc) or other ideas would be greatly appreciated. If there's > another way to limit logins via LDAP, I'd be interested in hearing about > that, too. If your users have "objectClass: account" there is an attribute "host" that can be used for limiting access to certain machines. You need the entry "pam_check_host_attr yes" in your ldap.conf for pam and perhaps some modifications of the files in /etc/pam.d. I have never used or tested this but it is a standard feature of pam-ldap and I guess it should work. cu, Uwe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050513071943.GA6228>