ldap-ux support for posixAccount host attribute

Martin Harte · ‎06-17-2004

Hey,
Is there anyway I can get ldap-ux to check the posixAccount host attribute when it's authenticating users?

All of the documentation seems to refer to pam_authz for this kind of use. That requires using netgroups though and I want to avoid it if I can.

Thanks,

Martin Harte

Doug Lamoureux_2 · ‎08-25-2004

Use a modified search descriptor in the LDAP-UX configuration profile. Using search descriptors is pretty flexible so it will depend on your configuration. Here is one example:

Add an attribute "host" to every users object that idetifies the host(s) that user can login to. This is a multivalued attribute so you can add multiple "hosts".

If you want to allow a user (admin) to login to all hosts add the value "ALL" to the host attribute. You will need to create a custom profile for each ldap-ux host. Modify the passwd and pam search descriptor as follows (replacing HOSTNAME with your ldap-ux client):

servicesearchdescriptor: passwd:ou=people,dc=acme,dc=com?sub?
(&(objectclass=posixaccount)(|(host=ALL)(host=))

servicesearchdescriptor: pam:ou=people,dc=acme,dc=com?sub?
(&(objectclass=posixaccount)(|(host=ALL)(host=))

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

ldap-ux support for posixAccount host attribute

ldap-ux support for posixAccount host attribute

Re: ldap-ux support for posixAccount host attribute