Chuck Ciesinski
Honored Contributor

A dumb Ldap question

To all,

Here is my situation in a simplified version:

We have 3 servers: S1, S2 and S3

A. Jack is allowed to access all servers.
B. Jill is allowed to access S1 and S2 but not S3.

Both Jack and Jill are in the LDAP "People" schema. The question is: how do you do this within LDAP?

My real $64,000 dollar question is that I am dealing with HPUX, Linux, and Solaris, so pam.authz (HPUX) isn't an option.

Any help will be greatly appreciated.

Thanks in advance,

Chuck
"Show me the $$$$$"
Heironimus
Honored Contributor

Re: A dumb Ldap question

You don't do it entirely within LDAP. You create LDAP groups and then configure the servers to require the appropriate group. But the server configuration will be different for each platform.

On HP-UX you use pam_authz to specify an LDAP group.

On Linux the standard pam_ldap module lets you specify a required LDAP group.

Off the top of my head I don't know how this works in Solaris. It will probably depend heavily on what version you're running because Sun made some pretty serious changes in 8, 9, and 10.
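As an added example (not from the reply above or from the pam_ldap documentation), here is the LDAP side of the three-server case: one group per access set, assuming a base of dc=example,dc=com with the users under ou=People.

```ldif
# Added example, assumed DIT: dc=example,dc=com, users in ou=People,
# groups in ou=Groups. groupOfUniqueNames/uniqueMember is used because
# pam_ldap's pam_member_attribute defaults to uniqueMember (a full DN).

# Members may log in to S1, S2 and S3 (this is the group S3 requires).
dn: cn=login-all,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: login-all
description: login permitted on S1, S2 and S3
uniqueMember: uid=jack,ou=People,dc=example,dc=com

# Members may log in to S1 and S2 (this is the group S1 and S2 require).
dn: cn=login-s1s2,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: login-s1s2
description: login permitted on S1 and S2 only
uniqueMember: uid=jack,ou=People,dc=example,dc=com
uniqueMember: uid=jill,ou=People,dc=example,dc=com
```

On S3, /etc/ldap.conf then carries `pam_groupdn cn=login-all,ou=Groups,dc=example,dc=com`, and on S1 and S2 `pam_groupdn cn=login-s1s2,ou=Groups,dc=example,dc=com`. pam_groupdn names a single group and a host with no pam_groupdn line admits every LDAP user, so Jack is listed in both groups and every host gets the line.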