Netgroups and LDAP?
Uwe Laverenz
uwe at laverenz.de
Fri May 13 00:19:49 PDT 2005
On Thu, May 12, 2005 at 03:59:24PM -0500, Ben Hockenhull wrote:

> I only want certain (large, broad) groups of people to be able to login to
> a given server, and I believe I'm looking to implement netgroups to do
> that, but I haven't been able to find any documentation on how to do that
> with FreeBSD.

You can't use netgroups with FreeBSD/ldap, only passwd and group
databases can be used with ldap AFAIK.

> Any pointers (to config examples, ldif-format schemas that incorporate
> netgroups, etc) or other ideas would be greatly appreciated. If there's
> another way to limit logins via LDAP, I'd be interested in hearing about
> that, too.

If your users have "objectClass: account" there is an attribute "host"
that can be used for limiting access to certain machines. You need the
entry "pam_check_host_attr yes" in your ldap.conf for pam and perhaps
some modifications of the files in /etc/pam.d.

I have never used or tested this but it is a standard feature of
pam-ldap and I guess it should work.

cu,
Uwe
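
The setup described in the reply above, as an added configuration example that is not part of the original message. The DN, uid, numeric ids and host names are constructed placeholders, and the pam_ldap module path and the choice of the sshd service are assumptions.

```ldif
# Constructed sample user entry. "account" is the structural class that
# carries the optional, multi-valued "host" attribute; posixAccount is the
# auxiliary class that supplies the passwd fields.
dn: uid=jdoe,ou=People,dc=example,dc=org
objectClass: account
objectClass: posixAccount
uid: jdoe
cn: John Doe
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe
loginShell: /bin/sh
# One value per machine this user may log in to.
host: shell1.example.org
host: build1.example.org

# In the ldap.conf read by pam_ldap, on every server that should enforce
# the restriction:
#
#   pam_check_host_attr yes
#
# In /etc/pam.d/sshd (assumed service; repeat for each login service that
# should be restricted). The host attribute is evaluated when pam_ldap runs
# in the account phase, so the service needs an "account" line for it.
# The module path below is an assumption, adjust to the installed location:
#
#   account  required  /usr/local/lib/pam_ldap.so
```

Because the host attribute now decides who may log in where, check that the directory's access controls do not let users modify it on their own entry, and confirm with a test account whose host values do not include the server that the login is refused.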