[389-users] Limiting access to specific hosts.
Rich Megginson
rmeggins at redhat.com
Wed Jul 7 23:25:46 UTC 2010
Barry Sitompul wrote:
> Hi,
>
>
> I would specify aci for that user with something like this:
>
> aci:(targetattr = "*")(target =
> "ldap:///ou=Restricted,o=tupperware,c=US")(version 3.0; acl
> "Restricted Read Access"; allow (read,search,compare) (userdn =
> "ldap:///uid=someone,ou=users,o=tupperware,c=US") and
> (ip="192.168.1.*" or ip="10.2.3.4" or ip="10.2.3.5" or ip="10.2.3.6") ;)
>
> It doesn't really prevent the uid=someone from logging in but the user
> won't be able to read any attributes from the target tree unless
> accessing from those IP addresses.
>
> Maybe not really what you are after but just a suggestion.
Try
http://directory.fedoraproject.org/wiki/Howto:Posix
and
http://directory.fedoraproject.org/wiki/Howto:Netgroups
>
>
> Cheers,
> Bazza
>
> On 08/07/2010, at 5:48 AM, Fairchild, Anthony wrote:
>
>> Hello,
>>
>> I have gotten 389 directory up and running and am beginning to add
>> users, but would like to know how to restrict a user to only logging
>> in to a specific host or a group of hosts. Could anybody point me to
>> some documentation on this? I don't seem to be having much luck
>> finding it through Google.
>>
>> --
>> Anthony
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> <mailto:389-users at lists.fedoraproject.org>
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
More information about the 389-users
mailing list