Operating System - HP-UX

Re: LDAP group access restriction

 
Ju Jianqiang
Occasional Contributor

LDAP group access restriction

We have two requirements for HP-UX LDAP authentication:
1. HP-UX users are authenticated by an LDAP server (Windows 2008). We have done this by configuring PAM-Kerberos.
2. Restrict a certain LDAP group from accessing this HP-UX server ("deny;ldap_group;cn=temip,dc=abc,dc=com"). We know there is /etc/opt/ldapux/pam_authz.policy. However, we didn't run the "setup" command to extend the "DUAConfigProfile" class on the LDAP server, and the customer doesn't want us to modify the LDAP server (Windows 2008) too much. So the questions are:
1. Can we avoid running the "setup" command to extend "DUAConfigProfile" and just configure "pam_authz.policy" (maybe with other configuration on the Unix side)? How, and what do we need to do for that?
2. If we have to extend "DUAConfigProfile", what is the minimum set of "DUAConfigProfile" attributes needed just for group restriction? If we add them manually on the server, how do we do that?

Note: The user profile in LDAP server doesn't have unix related attributes.

Thanks very much in advance
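As an added illustration (not part of this thread, and not HP's LDAP-UX code), the following Python model evaluates an ordered pam_authz.policy of the kind the question describes against a user's resolved LDAP group memberships. Only the "deny;ldap_group;cn=temip,dc=abc,dc=com" line comes from the post; the allow/deny keywords, the "*" wildcard, first-match-wins ordering and default deny are assumptions made for the example. The point it makes: a deny-by-group rule only protects the host if ldapclientd can actually resolve the user's group membership, because an unresolved membership list makes the deny rule silently never match.

```python
"""Constructed model of ordered pam_authz.policy evaluation.
Rule syntax beyond the thread's 'deny;ldap_group;<dn>' line is an
assumption of this example, not taken from HP-UX documentation."""
from dataclasses import dataclass


@dataclass
class Rule:
    action: str   # "allow" or "deny"
    rtype: str    # "ldap_group", "unix_user" or "*" (assumed types)
    obj: str      # group DN, user name, or "" for the wildcard


def parse_policy(text: str) -> list[Rule]:
    """Parse 'action;type;object' lines; '#' lines and blanks are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(";", 2)
        action, rtype = parts[0].lower(), parts[1].lower()
        obj = parts[2] if len(parts) > 2 else ""
        if action not in ("allow", "deny"):
            raise ValueError(f"bad rule: {line}")
        rules.append(Rule(action, rtype, obj))
    return rules


def norm_dn(dn: str) -> str:
    """LDAP DNs compare case-insensitively; normalise before matching."""
    return ",".join(p.strip().lower() for p in dn.split(","))


def evaluate(rules: list[Rule], user: str, groups: list[str]) -> str:
    """First matching rule wins; no match means 'deny' (assumed default)."""
    member = {norm_dn(g) for g in groups}
    for r in rules:
        if r.rtype == "*":
            return r.action
        if r.rtype == "unix_user" and r.obj == user:
            return r.action
        if r.rtype == "ldap_group" and norm_dn(r.obj) in member:
            return r.action
    return "deny"


# Constructed policy: block the temip group, let everyone else in.
POLICY = """
deny;ldap_group;cn=temip,dc=abc,dc=com
allow;*
"""
RULES = parse_policy(POLICY)
```

Run evaluate() with an empty group list to see the failure mode: if the client never learns the user is in cn=temip, the wildcard allow is the first rule to match.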
1 REPLY 1
Ju Jianqiang
Occasional Contributor

Re: LDAP group access restriction

Since we just use an access rule for "ldap_group", which is based on nonPOSIXGroup membership, could you just let ldapclientd connect to the LDAP server without extending "DUAConfigProfile"?