Hello All:

I am in the process of migrating from OpenLDAP to Fedora Directory Server. Actually most of my testing has been with the RH/CentOS spins, but it appears to be very similar.

So far I've gotten the main things working:

1) Host based access via AuthorizedHost
2) Service based access via AuthorizedService
3) AIX/Linux <-> LDAP
4) PosixGroup support

The one thing I would like is to have group based host access control. E.g., I would like to define a new LDAP group (say, DBA-Production) that includes a bunch of host entries. When needed, I could add a user to the DBA-Production group and automatically give him/her access to the list of defined hosts. Anyone have suggestions on how to approach this?

Thanks,
Kwan

Rich Megginson
2008-Sep-17 18:55 UTC
Re: [Fedora-directory-users] Group based access control

Kwan Lowe wrote:
> Hello All:
> I am in the process of migrating from OpenLDAP to Fedora Directory
> Server. Actually most of my testing has been with the RH/CentOS spins,
> but it appears to be very similar.
>
> So far I've gotten the main things working:
> 1) Host based access via AuthorizedHost
> 2) Service based access via AuthorizedService
> 3) AIX/Linux <-> LDAP
> 4) PosixGroup support
>
> The one thing I would like is to have group based host access
> control. E.g., I would like to define a new LDAP group (say,
> DBA-Production) that includes a bunch of host entries. When needed, I
> could add a user to the DBA-Production group and automatically give
> him/her access to the list of defined hosts. Anyone have suggestions
> on how to approach this?

see http://directory.fedoraproject.org/wiki/Howto:Netgroups

> Thanks,
> Kwan
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

On Wed, Sep 17, 2008 at 2:55 PM, Rich Megginson <rmeggins@redhat.com> wrote:
>> The one thing I would like is to have group based host access control.
>> E.g., I would like to define a new LDAP group (say, DBA-Production) that
>> includes a bunch of host entries. When needed, I could add a user to the
>> DBA-Production group and automatically give him/her access to the list of
>> defined hosts. Anyone have suggestions on how to approach this?
>
> see http://directory.fedoraproject.org/wiki/Howto:Netgroups

Wow. Thank you. It seems it will do exactly what I'm looking for...