restrict logins in a ldap domain to a privileged group

Hi,

is there a chance to allow only certain/privileged users to log in to a 
server (sol9, and ldap client of DS 5.2)

Let's say:
A ldap domain with 100 users which are all managed via the directory 
server. And a server or a group of servers, to which only 20 of these 
users should be allowed to login, all others should be denied.

I've read the man page about netgroup, but it didn't really help me with 
this. It is possible to build a netgroup out of user names, but how can I 
use this for my purpose?

Thank you all

Wolfgang

Reply wolfgang.mair (5) 5/27/2004 3:11:58 PM

On Thu, 27 May 2004 18:11:58 +0200, Wolfgang Mair wrote:

> Hi,
> 
> is there a chance to allow only certain/privileged users to log in to a 
> server (sol9, and ldap client of DS 5.2)
> 
> Let's say:
> A ldap domain with 100 users which are all managed via the directory 
> server. And a server or a group of servers, to which only 20 of these 
> users should be allowed to login, all others should be denied.
> 
> I've read the man page about netgroup, but it didn't really help me with 
> this. It is possible to build a netgroup out of user names, but how can I 
> use this for my purpose?
> 
> Thank you all
> 
> Wolfgang

You can use a search filter in your ldap_client_file to allow access based
on a specific attribute:

NS_LDAP_SERVICE_SEARCH_DESC=passwd:ou=people,dc=blatch,dc=com?one?&(myattribute=allowed))
NS_LDAP_SERVICE_SEARCH_DESC=shadow:ou=people,dc=blatch,dc=com?one?&(myattribute=allowed))

Reply Matty 5/27/2004 11:35:32 PM


On Thu, 27 May 2004 17:11:58 +0200, Wolfgang Mair <wolfgang.mair@fci.com> wrote:
> this. It is possible to build a netgroup out of user names, but how can I 
> use this for my purpose?

It is possible to build netgroup triples on the LDAP server and use compat mode for sysadmins (or dbas or whoever) on the servers you wish to have limited access on. The procedure is here:

http://sunportal.sunmanagers.org/pipermail/summaries/2002-January/000604.html

There is also documentation from Sun. It works OK.

-- 
u n d e r a c h i e v e r
Reply u 5/28/2004 11:23:35 AM
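
An added example, not part of the thread and not Sun's code: a small audit helper for the netgroup approach above. It expands a netgroup written in /etc/netgroup text form, including nested groups, and reports which accounts a `+@group` compat entry would admit. The group names, user names and sample data are constructed; it assumes the usual triple semantics, where an empty field is a wildcard and `-` matches nothing.

```python
import re

TRIPLE = re.compile(r"\(([^()]*)\)")

def parse_netgroups(text):
    """Parse /etc/netgroup-style text into {name: (triples, nested_group_names)}."""
    groups = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, rest = (line.split(None, 1) + [""])[:2]
        triples = []
        for body in TRIPLE.findall(rest):
            fields = tuple(f.strip() for f in body.split(","))
            if len(fields) != 3:
                raise ValueError(f"malformed triple in {name!r}: ({body})")
            triples.append(fields)
        groups[name] = (triples, TRIPLE.sub(" ", rest).split())
    return groups

def user_fields(groups, name, seen=None):
    """User fields of a netgroup and everything nested in it (cycle-safe)."""
    seen = set() if seen is None else seen
    if name in seen or name not in groups:
        return set()
    seen.add(name)
    triples, nested = groups[name]
    fields = {user for _host, user, _domain in triples}
    for child in nested:
        fields |= user_fields(groups, child, seen)
    return fields

def admitted(groups, name, all_users):
    """Users that a '+@name' compat entry would let through."""
    fields = user_fields(groups, name)
    if "" in fields:  # empty user field is a wildcard: every account matches
        return set(all_users)
    return set(all_users) & (fields - {"-"})  # '-' means "no valid value"

# Constructed sample data (hypothetical group and user names).
SAMPLE = """
sysadmins (,alice,) (,bob,) dbas
dbas      (,carol,) sysadmins     # nested, and cyclic on purpose
sloppy    (,dave,) (dbhost,,)     # second triple has an empty user field
nobody    (,-,)
"""
USERS = ["alice", "bob", "carol", "dave", "erin"]

if __name__ == "__main__":
    parsed = parse_netgroups(SAMPLE)
    for group in parsed:
        print(group, sorted(admitted(parsed, group, USERS)))
```

The `sloppy` group is the case to look for in a review: one triple with a blank user field turns a 20-user allow list into "everyone in the directory".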

If I put a drive into a slot and run format, it reports that

 drive is not available; formatting

Running

devfsadm -v -c disk

doesn't do anything. If I remove the drive, unconfigure the slot

cfgadm -c unconfigure c5::dsk/c5t1d0
devfsadm -C

Then reinstall the drive and run

cfgadm -c configure c5::sd46
devfsadm -v -c disk

The slot disappears and doesn't show up on cfgadm -al. After running
devfsadm a half-dozen more times, the slot will show. This time format
shows a disk in place even though I've removed it and put it in another
slot. I'm running Solaris 8 on an E450. I've checked out all these
commands on another machine running 9 and they work the way they're
supposed to. Has anyone seen this behavior on their machines?

--myron
=====================================
Myron Kowalski
MoCoSIN Network/Systems Administrator
Moravian College
myron@cs.moravian.edu



Reply Myron 5/28/2004 3:49:03 PM

On Friday 28 May 2004 4:49 pm in comp.sys.sun.admin Myron Kowalski wrote:


> 
> The slot disappears and doesn't show up on cfgadm -al. After running
> devfsadm a half-dozen more times, the slot will show. This time format
> shows a disk in place even though I've removed it and put it in another
> slot. I'm running Solaris 8 on an E450. I've checked out all these
> commands on another machine running 9 and they work the way they're
> supposed to. Has anyone seen this behavior on their machines?

Sounds like an old and well-known E450 problem.
Early disk backplanes flex and the drive connectors do not make proper
contact.
Remove the side panel and support the backplane with your hand while
inserting the drive. Look through from the side of the cage and make 
sure that the connector seats fully.

There is a modification available from Sun to replace the bad backplanes.


-- 
My real address is crn (at) netunix (dot) com
WARNING all messages containing attachments or html will be silently
deleted. Send only plain text.

Reply Chris 5/28/2004 5:08:48 PM
