[389-users] Access.conf issue
Andrey Ivanov
andrey.ivanov at polytechnique.fr
Mon Nov 23 07:12:52 UTC 2009
2009/11/23 Prashanth Sundaram <psundaram at wgen.net>
> Thanks Robert. That seems to work well.
>
> But here is my scenario I have a bunch of Groups and not sure if I can
> specify multiple groupdn's in ldap.conf.
>
> Group1= Developers on Project1 need access to only proj1 servers
> Group2= QA on Project1 need access to proj1 servers only
> Group3= sysadmins accesss to all servers
>
Even if you can't specify several groups in groupdn you can always change
the filter in pam_filter to something like :
(&(objectClass=posixAccount)(|(memberOf=Group1)(memberOf=Group2)))
Of course you need at first to enable the memberOf plug-in...
@+
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20091123/f9a320fb/attachment.html>
More information about the 389-users
mailing list