Re: LDAP/UX & Active Directory & Multiple GID

Magic_Wand · ‎04-30-2003

Hi all,

We have integrated our LDAP/UX client with ADS. However, right now, anyone that is in the root domain can log in. We'd like to restrict that by particular GIDs. For example, if Habib is part of Admin group, and Support group, we'd like to DENY people belonging to "support" from being able to log in. Any thoughts and suggestions is greatly appreciated.

================================
SELECT * FROM users WHERE clue > 0

Steven E. Protter · ‎04-30-2003

I know this probably won't make you happy or get me points, but this manual seems to have information directly pertaining to your question.

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/J4269-90017/J4269-90017_top.html&con=/hpux/onlinedocs/J4269-90017/00/00/12-con.html&toc=/hpux/onlinedocs/J4269-90017/00/00/12-toc.html&searchterms=Group%7cPermissions%7cLDAP/UX&queryid=20030430-182358

This is less useful but may contain tidbits.

http://docs.hp.com/hpux/onlinedocs/2238/netsecur_final.pdf

Another manual, different date. Similar but not identical content.

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/J4269-90017/J4269-90017_top.html&con=/hpux/onlinedocs/J4269-90017/00/00/14-con.html&toc=/hpux/onlinedocs/J4269-90017/00/00/14-toc.html&searchterms=Group%7cPermissions%7cLDAP/UX&queryid=20030430-182358

Good luck.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Magic_Wand · ‎04-30-2003

Thanks SEP, we've already looked at these docs. Although I am going to assign you points (as soon as I can figure out how!) because the pdf file you sent mentions PAM_AUTHZ.1 which pointed me to something promising. Thanks for the help.

================================
SELECT * FROM users WHERE clue > 0

TANGUY_1 · ‎07-24-2003

I tried to use the PAM_AUTHZ.1. It works well with enabled/disbled users (+user in /etc/passwd).
The problem is that it works with netgroup and not group. So it cannnot be configured to work with group that are in AD.
Thats the big problem for me because I don't want to configure netgroup in AD. I don't want administer every user in /etc/passwd with +user.
The other solution is to work with disabled UID in lDAPUX config. But it's not the way i wanted to limit login.
Third solution is to customize the search filter in LDAPUX. I didn't try it but it should work.

Did you find any other solution ?
Thanks
B.TANGUY

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: LDAP/UX & Active Directory & Multiple GID

LDAP/UX & Active Directory & Multiple GID