Old 07-07-2010, 07:48 PM
"Fairchild, Anthony"
 
Limiting access to specific hosts.

Hello,

I have gotten 389 directory up and running and am beginning to add users, but would like to know how to restrict a user to only logging in to a specific host or a group of hosts. Could anybody point me to some documentation on this? I don't seem to be having much luck finding it through Google.

--
Anthony
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 07-07-2010, 11:23 PM
Barry Sitompul
 
Limiting access to specific hosts.

Hi,

I would specify aci for that user with something like this:
aci: (targetattr = "*")(target = "ldap:///ou=Restricted,o=tupperware,c=US")(version 3.0; acl "Restricted Read Access"; allow (read,search,compare) (userdn = "ldap:///uid=someone,ou=users,o=tupperware,c=US") and (ip="192.168.1.*" or ip="10.2.3.4" or ip="10.2.3.5" or ip="10.2.3.6");)
It doesn't really prevent the uid=someone from logging in but the user won't be able to read any attributes from the target tree unless accessing from those IP addresses.
Maybe not really what you are after but just a suggestion.

Cheers,
Bazza

On 08/07/2010, at 5:48 AM, Fairchild, Anthony wrote:
> Hello,
>
> I have gotten 389 directory up and running and am beginning to add users, but would like to know how to restrict a user to only logging in to a specific host or a group of hosts. Could anybody point me to some documentation on this? I don't seem to be having much luck finding it through Google.
>
> --
> Anthony
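Added example (not part of the original posts and not 389 Directory Server code): a simplified Python model of the ACI suggested above, which parses its target, rights, userdn and ip values and evaluates them for constructed requests. It assumes no other ACI on the tree grants access; the entry DN and client addresses are made up, and the bind itself is not modelled because, as the post says, the ACI does not stop the user from logging in.

```python
import re
from fnmatch import fnmatchcase

# ACI from the post above, with the opening "(" and closing ";)" restored.
ACI = ('(targetattr = "*")(target = "ldap:///ou=Restricted,o=tupperware,c=US")'
       '(version 3.0; acl "Restricted Read Access"; allow (read,search,compare) '
       '(userdn = "ldap:///uid=someone,ou=users,o=tupperware,c=US") and '
       '(ip="192.168.1.*" or ip="10.2.3.4" or ip="10.2.3.5" or ip="10.2.3.6");)')


def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas (simplified DN matching)."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def parse_aci(aci):
    """Pull out the fields this ACI shape uses: target, rights, userdn, ip list."""
    target = re.search(r'\(target\s*=\s*"ldap:///([^"]+)"\)', aci).group(1)
    rights = re.search(r'allow\s*\(([^)]*)\)', aci).group(1)
    userdn = re.search(r'userdn\s*=\s*"ldap:///([^"]+)"', aci).group(1)
    return {
        "target": norm_dn(target),
        "rights": {r.strip() for r in rights.split(",")},
        "userdn": norm_dn(userdn),
        "ips": re.findall(r'ip\s*=\s*"([^"]+)"', aci),
    }


def allowed(rule, bind_dn, client_ip, entry_dn, right):
    """True if this one ACI grants `right` on `entry_dn` (no other ACIs considered)."""
    entry = norm_dn(entry_dn)
    in_scope = entry == rule["target"] or entry.endswith("," + rule["target"])
    # The bind rule is "userdn AND (ip OR ip OR ...)"; "*" is a wildcard in ip values.
    ip_ok = any(fnmatchcase(client_ip, pat) for pat in rule["ips"])
    return (in_scope and right in rule["rights"]
            and norm_dn(bind_dn) == rule["userdn"] and ip_ok)


if __name__ == "__main__":
    rule = parse_aci(ACI)
    user = "uid=someone,ou=users,o=tupperware,c=US"
    entry = "cn=payroll,ou=Restricted,o=tupperware,c=US"  # constructed entry
    for ip in ("192.168.1.77", "10.2.3.5", "172.16.0.9"):  # constructed clients
        print(ip, "read allowed:", allowed(rule, user, ip, entry, "read"))
```

Allow ACIs are additive, so on a real server the restriction only holds if no other ACI (for example a broad anonymous-read rule) already grants read on the same subtree.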
 
Old 07-07-2010, 11:25 PM
Rich Megginson
 
Limiting access to specific hosts.

Barry Sitompul wrote:
> Hi,
>
>
> I would specify aci for that user with something like this:
>
> aci: (targetattr = "*")(target =
> "ldap:///ou=Restricted,o=tupperware,c=US")(version 3.0; acl
> "Restricted Read Access"; allow (read,search,compare) (userdn =
> "ldap:///uid=someone,ou=users,o=tupperware,c=US") and
> (ip="192.168.1.*" or ip="10.2.3.4" or ip="10.2.3.5" or ip="10.2.3.6");)
>
> It doesn't really prevent the uid=someone from logging in but the user
> won't be able to read any attributes from the target tree unless
> accessing from those IP addresses.
>
> Maybe not really what you are after but just a suggestion.
Try
http://directory.fedoraproject.org/wiki/Howto:Posix
and
http://directory.fedoraproject.org/wiki/Howto:Netgroups
>
>
> Cheers,
> Bazza
>
> On 08/07/2010, at 5:48 AM, Fairchild, Anthony wrote:
>
>> Hello,
>>
>> I have gotten 389 directory up and running and am beginning to add
>> users, but would like to know how to restrict a user to only logging
>> in to a specific host or a group of hosts. Could anybody point me to
>> some documentation on this? I don't seem to be having much luck
>> finding it through Google.
>>
>> --
>> Anthony
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> <mailto:389-users@lists.fedoraproject.org>
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
