[389-users] Access.conf issue

Andrey Ivanov andrey.ivanov at polytechnique.fr
Mon Nov 23 07:12:52 UTC 2009


2009/11/23 Prashanth Sundaram <psundaram at wgen.net>

> Thanks Robert. That seems to work well.
>
> But here is my scenario I have a bunch of Groups and not sure if I can
> specify multiple groupdn's in ldap.conf.
>
> Group1= Developers on Project1 need access to only proj1 servers
> Group2= QA on Project1 need access to proj1 servers only
> Group3= sysadmins accesss to all servers
>

Even if you can't specify several groups in groupdn you can always change
the filter in pam_filter to something like :
(&(objectClass=posixAccount)(|(memberOf=Group1)(memberOf=Group2)))

Of course you need at first to enable the memberOf plug-in...

@+
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20091123/f9a320fb/attachment.html>


More information about the 389-users mailing list