OpenLDAP with host based Access Control?
Hey there, running Slapd on Centos 6.3 over Start_tls. Works great, users can login to their ldap accounts through terminal and through the GUI. Awesome.
Next thing I was asked to do was to restrict certain users/groups to be able to access certain services.
I want anyone in the IT group to be able to SSH to any of our servers.
I want anyone in the Agents group to be denied access to SSH anywhere.
And another example,
I want everyone in the ServiceDesk group to be able to access any FTP server but nobody else.
I have been following this guide for SSH:
No matter what, I am always able to login with those users.
Am I possibly not reading the right information? Is this even possible?
Is there maybe a way I can do this by hosts?
For example: Anyone in the agents group cannot connect to 192.168.5.5 on port 22? or better yet Anyone in the Agent's group cannot connect to 192.168.5.0/24 port 22 ?
192.168.5.0 is our server network. Agents rest on the 192.168.2.0 (office network). We can create firewall rules to deny access from office -> server, but when my lead requested this from me I assumed he was looking for something more than just firewall rules.
Anyone else able to help out with this?
|All times are GMT +2. The time now is 12:03.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.