I tried the OpenSSH DenyGroup directive - worked like a charm!!! Jorge Delacruz --- Jorge Delacruz wrote: > Yes, that is the plan - LDAP will manage user ID's > and > groups. The trick is to prevent the user from > logging > in based on their group association. > > JD > > --- Rudolfo Munguia wrote: > > > Just off of the top of my head, > > > > Shouldn't you be able to add an attribute to your > > server object denoting > > group classification, and then have the users > added > > to the necessary group? > > > > Been a few years since I dealt with LDAP. > > > > On 10/11/07, Jorge Delacruz > > > wrote: > > > > > > Excellent! Thank you! > > > > > > JD > > > > > > --- "Jeremy C. Reed" wrote: > > > > > > > On Thu, 11 Oct 2007, Jorge Delacruz wrote: > > > > > > > > > Anyone ever hear of such a module or means > > that > > > > will reject logins if > > > > > a user is not in the right group? The users > > are > > > > authenticated against > > > > > LDAP, not local files. This is an access > > control > > > > (authorization) issue, > > > > > not an authentication issue. > > > > > > > > If you are using ssh server for logins, have a > > look > > > > at OpenSSH's > > > > DenyGroups and AllowGroups configurations. > > OpenSSH > > > > uses getpwnam(3) to get > > > > the details for the user to-be logged in. > > > > > > > > So use nsswitch to use ldap for group (and > other > > > > databases). Also setup > > > > PAM to use pam_ldap.so also. > > > > > > > > Jeremy C. Reed > > > > > > > --------------------------------------------------- > > > > PLUG-discuss mailing list - > > > > PLUG-discuss@lists.plug.phoenix.az.us > > > > To subscribe, unsubscribe, or to change your > > mail > > > > settings: > > > > > > > > > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > > > > > > > > > > Jorge Delacruz > > > > > > > > > > > > > > > > > > ____________________________________________________________________________________ > > > Pinpoint customers who are looking for what you > > sell. > > > http://searchmarketing.yahoo.com/ > > > > > > > > > --------------------------------------------------- > > > PLUG-discuss mailing list - > > PLUG-discuss@lists.plug.phoenix.az.us > > > To subscribe, unsubscribe, or to change your > mail > > settings: > > > > > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > > > > --------------------------------------------------- > > PLUG-discuss mailing list - > > PLUG-discuss@lists.plug.phoenix.az.us > > To subscribe, unsubscribe, or to change your mail > > settings: > > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > Jorge Delacruz > > > > ____________________________________________________________________________________ > Yahoo! oneSearch: Finally, mobile search > that gives answers, not web links. > http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC > > --------------------------------------------------- > PLUG-discuss mailing list - > PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail > settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > ____________________________________________________________________________________ Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase. http://farechase.yahoo.com/ --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss