Server authentication

[Rudolfo Munguia]

Just off of the top of my head,

Shouldn't you be able to add an attribute to your server object denoting
group classification, and then have the users added to the necessary group?

Been a few years since I dealt with LDAP.

On 10/11/07, Jorge Delacruz <alterthegrid at yahoo.com> wrote:
>
> Excellent!  Thank you!
>
> JD
>
> --- "Jeremy C. Reed" <reed at reedmedia.net> wrote:
>
> > On Thu, 11 Oct 2007, Jorge Delacruz wrote:
> >
> > >   Anyone ever hear of such a module or means that
> > will reject logins if
> > > a user is not in the right group?  The users are
> > authenticated against
> > > LDAP, not local files.  This is an access control
> > (authorization) issue,
> > > not an authentication issue.
> >
> > If you are using ssh server for logins, have a look
> > at OpenSSH's
> > DenyGroups and AllowGroups configurations. OpenSSH
> > uses getpwnam(3) to get
> > the details for the user to-be logged in.
> >
> > So use nsswitch to use ldap for group (and other
> > databases). Also setup
> > PAM to use pam_ldap.so also.
> >
> >   Jeremy C. Reed
> > ---------------------------------------------------
> > PLUG-discuss mailing list -
> > PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail
> > settings:
> >
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
>
>
> Jorge Delacruz
>
>
>
>
> ____________________________________________________________________________________
> Pinpoint customers who are looking for what you sell.
> http://searchmarketing.yahoo.com/
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20071012/b708ea80/attachment.htm