OpenLDAP with host based Access Control?

Discussion in 'Server Operation' started by zstar69, Nov 23, 2012.

  1. zstar69

    zstar69 New Member

    Hey there, running Slapd on Centos 6.3 over Start_tls. Works great, users can login to their ldap accounts through terminal and through the GUI. Awesome.

    Next thing I was asked to do was to restrict certain users/groups to be able to access certain services.

    For example:

    I want anyone in the IT group to be able to SSH to any of our servers.
    I want anyone in the Agents group to be denied access to SSH anywhere.

    And another example,

    I want everyone in the ServiceDesk group to be able to access any FTP server but nobody else.

    I have been following this guide for SSH:

    No matter what, I am always able to login with those users.

    Am I possibly not reading the right information? Is this even possible?

    Is there maybe a way I can do this by hosts?

    For example: Anyone in the agents group cannot connect to on port 22? or better yet Anyone in the Agent's group cannot connect to port 22 ? is our server network. Agents rest on the (office network). We can create firewall rules to deny access from office -> server, but when my lead requested this from me I assumed he was looking for something more than just firewall rules.

    Anyone else able to help out with this?

Share This Page