HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


zstar69 23rd November 2012 20:47

OpenLDAP with host based Access Control?
 
Hey there, running slapd on CentOS 6.3 over Start_tls. Works great, users can log in to their LDAP accounts through the terminal and through the GUI. Awesome.

Next thing I was asked to do was to restrict certain users/groups to be able to access certain services.

For example:

I want anyone in the IT group to be able to SSH to any of our servers.
I want anyone in the Agents group to be denied access to SSH anywhere.

And another example,

I want everyone in the ServiceDesk group to be able to access any FTP server but nobody else.

I have been following this guide for SSH:

http://www.cyberciti.biz/tips/linux-...hd-server.html

No matter what, I am always able to log in with those users.

Am I possibly not reading the right information? Is this even possible?

Is there maybe a way I can do this by hosts?

For example: anyone in the Agents group cannot connect to 192.168.5.5 on port 22? Or better yet, anyone in the Agents group cannot connect to 192.168.5.0/24 port 22?

192.168.5.0 is our server network. Agents rest on the 192.168.2.0 (office network). We can create firewall rules to deny access from office -> server, but when my lead requested this from me I assumed he was looking for something more than just firewall rules.

Anyone else able to help out with this?


All times are GMT +2.