Mailinglist Archive: opensuse (1840 mails)
| < Previous | Next > |
Re: [opensuse] Re: openSUSE windows Active Directory and OU=
- From: Roger Oberholtzer <roger@xxxxxx>
- Date: Wed, 02 Dec 2009 14:51:33 +0100
- Message-id: <1259761893.8633.31.camel@xxxxxxxxxxxx>
On Wed, 2009-12-02 at 14:20 +0100, Ralf Haferkamp wrote:
Which begs the question:
How, in this context, do I put all users in the same group?
--
Roger Oberholtzer
OPQ Systems / Ramböll RST
Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
I see that the Ldap DN record will probably look like this:I understood. AFAIK this is currently not possible with winbind. I just
CN=roropq,OU=RST,OU=KAJ24,OU=MMA,OU=SYD,OU=SCC
where CN= will obviously differ for all, but I think the rest will be
the same. As you move to the left in the OU= list, the scope narrows. It
is OU=RST,OU=KAJ24,OU=MMA,OU=SYD,OU=SCC that I want to restrict login
to.
learned however that you can restrict login based on groupmembership. Please
have a look at the require_membership_of option for pam_winbind in the
pam_winbind man-page. That way, if you put all the desired users into one
group you could restrict login to be allowed only to members of that group.
Which begs the question:
How, in this context, do I put all users in the same group?
--
Roger Oberholtzer
OPQ Systems / Ramböll RST
Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |