I have implemented LDAP on CentOS successfully using Red Hat's Directory Server and the great how-to on the CentOS wiki.
Being new to LDAP, I have a question and maybe one of you guys can point me in the right direction: I have LDAP implemented on the network for logins to the workstation PCs. I also have an Apache website that I now use LDAP for authentication. What I want, however, is to be able to allow a group of users to authenticate to the Apache website, but not be able to log in to any of the systems directly nor via ssh.
Any suggestions or pointers in the right direction on where to read up on how to accomplish this specific task would be much appreciated.
Thanks, Giovanni
On Mon, 2009-06-29 at 11:29 -0400, Giovanni Torres wrote:
> I have implemented LDAP on CentOS successfully using Red Hat's Directory Server and the great how-to on the CentOS wiki.
> Being new to LDAP, I have a question and maybe one of you guys can point me in the right direction: I have LDAP implemented on the network for logins to the workstation PCs. I also have an Apache website that I now use LDAP for authentication. What I want, however, is to be able to allow a group of users to authenticate to the Apache website, but not be able to log in to any of the systems directly nor via ssh.
> Any suggestions or pointers in the right direction on where to read up on how to accomplish this specific task would be much appreciated.
> Thanks, Giovanni
Hello Giovanni,
I have also just installed CentOS Directory Server. Successful install, but to be quite honest I have no idea where to go from here... Is there some how-to somewhere that explains how to make workstations authenticate to the DS and such?
Regards, Coert
From: Coert Waagmeester lgroups@waagmeester.co.za
> I have also just installed CentOS Directory Server. Successful install, but to be quite honest I have no idea where to go from here... Is there some how-to somewhere that explains how to make workstations authenticate to the DS and such?
Maybe have a look at the documentation: http://www.redhat.com/docs/manuals/dir-server/
JD
On Mon, Jun 29, 2009 at 11:29 AM, Giovanni Torres torresgi@ninds.nih.gov wrote:
> I have implemented LDAP on CentOS successfully using Red Hat's Directory Server and the great how-to on the CentOS wiki.
> Being new to LDAP, I have a question and maybe one of you guys can point me in the right direction: I have LDAP implemented on the network for logins to the workstation PCs. I also have an Apache website that I now use LDAP for authentication. What I want, however, is to be able to allow a group of users to authenticate to the Apache website, but not be able to log in to any of the systems directly nor via ssh.
> Any suggestions or pointers in the right direction on where to read up on how to accomplish this specific task would be much appreciated.
I made some notes here: https://sites.google.com/site/disciplinux/linux/centralized-authentication
In short, you add a couple of entries to the schema that give host-based access control.
Create Host Based access:
Add the 61ldapns.ldif file to /etc/dirsrv/instancename/schema
Grab the above ldif from the link. Then, on the apache servers:
edit /etc/ldap.conf and enable pam_check_host_attr
Then in the dirsrv manager:
- From the Account Listing
- Select Field in ObjectClass
- Add Value
- Select HostObject
- Select Add Attribute
- Select Host
- Enter first host
- Select Host
- Enter Add Value
- Enter second host
- Continue for all hosts
I haven't had a chance to detail the notes, but those two entries for hosts and service control allow me to specify what services a user can use and on which servers. So I could, for example, allow a user to use only ssh or only ftp on a particular host.
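To review the outcome of the host-based setup described in this thread, the following audit script reads an LDIF export and reports which accounts would be admitted on a given host. It is an added example, not code from the thread or the linked notes. It assumes a simplified model of pam_check_host_attr (an account passes only if one of its host values equals the machine's name), and the users, hosts and sample export are constructed.

```python
# Added example: audit which LDAP accounts pam_check_host_attr would admit.
# Simplified model (assumption): exact, case-insensitive match on "host" values.

# Constructed sample export (hypothetical users and hosts), LDIF format.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: hostObject
uid: alice
host: ws01.example.com
host: ws02.example.com

dn: uid=webonly,ou=People,dc=example,dc=com
uid: webonly

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: hostObject
uid: bob
host: WS02.example.com
"""

def parse_ldif(text):
    """Return entries as dicts mapping lowercase attribute -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        # Unfold continuation lines (a leading space continues the previous line).
        for line in block.replace("\n ", "").splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            if attr.endswith(":"):  # base64 value ("attr:: ..."), ignored here
                continue
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def allowed_on(entries, hostname):
    """uids whose host values include hostname (case-insensitive)."""
    want = hostname.lower()
    return sorted(e["uid"][0] for e in entries
                  if "uid" in e and want in (h.lower() for h in e.get("host", [])))

def no_host_access(entries):
    """uids with no host value: denied wherever the check is enforced."""
    return sorted(e["uid"][0] for e in entries if "uid" in e and not e.get("host"))

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    print("ws02:", allowed_on(entries, "ws02.example.com"))
    print("no host access:", no_host_access(entries))
```

Accounts listed by `no_host_access` are the ones that can still bind to the directory (for example through a web server's LDAP authentication) but fail the host check on machines where it is enabled.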