[opensuse] Re: openSUSE windows Active Directory and OU=
Roger Oberholtzer wrote:
On Fri, 2009-11-20 at 22:28 +0100, Lars Müller wrote:
On Wed, Nov 18, 2009 at 05:09:21PM +0100, Roger Oberholtzer wrote:
We have thousands of users in the Active Directory. I really do not want all of them to have access. In the LDAP entry, there is an OU= field for those I want to be able to log in. Is it possible to limit login to those in some specified OU= ?
See the ldap setting examples from the samba-doc package in /usr/share/doc/packages/samba/examples/smb.conf.SUSE
Plus the explanations in the smb.conf man page.
I have now looked here. I am none the wiser.
I didn't notice the original thread. If you want to limit LDAP authentication to an OU, you need to change ldap.conf and adapt nss_base_* there. (That's the conf file used by pam_ldap.)
If all persons are below the OU, that's easy, you need to specify the respective new base DN. If not, you need to specify that as a filter, then it gets a bit more complex, but the commented config clauses in this file should give you a hint.
If you want the other uids to be invisible, you also need to change nss-ldap.conf and change "base *" there.
I don't know enough about your setup to be more specific. I also don't know if that can be done via YaST.
Nevertheless, HTH
Joachim
--
Joachim Schrod Email: jschrod@acm.org
Roedermark, Germany
On Tue, 2009-12-01 at 20:18 +0100, Joachim Schrod wrote:
Roger Oberholtzer wrote:
On Fri, 2009-11-20 at 22:28 +0100, Lars Müller wrote:
On Wed, Nov 18, 2009 at 05:09:21PM +0100, Roger Oberholtzer wrote:
We have thousands of users in the Active Directory. I really do not want all of them to have access. In the LDAP entry, there is an OU= field for those I want to be able to log in. Is it possible to limit login to those in some specified OU= ?
See the ldap setting examples from the samba-doc package in /usr/share/doc/packages/samba/examples/smb.conf.SUSE
Plus the explanations in the smb.conf man page.
I have now looked here. I am none the wiser.
I didn't notice the original thread. If you want to limit LDAP authentication to an OU, you need to change ldap.conf and adapt nss_base_* there. (That's the conf file used by pam_ldap.)
If all persons are below the OU, that's easy, you need to specify the respective new base DN. If not, you need to specify that as a filter, then it gets a bit more complex, but the commented config clauses in this file should give you a hint.
If you want the other uids to be invisible, you also need to change nss-ldap.conf and change "base *" there.
I don't know enough about your setup to be more specific. I also don't know if that can be done via YaST.
It does not have to be via YaST. I think joining the AD is one of the few things I do that I rely on YaST. Otherwise, config files and I are usually on a first name basis.
All the users share OU=RST. I want to limit valid users to those who have this.
--
You can't just ask customers what they want and then try to give that to them. By the time you get it built, they'll want something new. -- Steve Jobs
Roger Oberholtzer
Ramböll RST/OPQ
Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
Office: Int +46 8-615 60 20
Mobile: Int +46 70-815 1696
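An added example, not part of either message: a sketch of the ldap.conf clauses Joachim describes, applied to the OU=RST case Roger mentions. The domain components dc=example,dc=com, the position of OU=RST directly below the domain root, and the group name linux-login are assumptions; server URI, bind credentials and Active Directory attribute mappings are left out.

```conf
# /etc/ldap.conf -- added example, not taken from the thread.
# Assumed: the AD domain is example.com and OU=RST sits directly below its root.

# Before: the whole directory is the search base, so every account in the
# domain can be looked up and can authenticate.
#base   dc=example,dc=com

# Case 1: every permitted user lives below OU=RST.
# Narrow the search base so lookups never leave that subtree.
base    ou=RST,dc=example,dc=com
scope   sub

# Per-map bases for name service lookups.
# Syntax: nss_base_XXX base?scope?filter
nss_base_passwd  ou=RST,dc=example,dc=com?sub
nss_base_shadow  ou=RST,dc=example,dc=com?sub

# Case 2: permitted users are not all below one OU.
# Keep the wide base and add a filter that is ANDed with the login lookup.
# The group DN is hypothetical; memberOf is the AD attribute that lists a
# user's groups.
#base        dc=example,dc=com
#pam_filter  memberOf=CN=linux-login,OU=RST,DC=example,DC=com
```

After a change, `getent passwd` for one account inside the OU and one outside it shows whether name lookups are restricted; a login attempt with an outside account checks the authentication side.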