using pam-ldap to allow ssh logins from only *some* ldap accounts (and not all)
Hi again everyone,
Having gotten an excellent (and quite simple) response to my query about automatic homedir creation upon ssh login, i'm going to push my luck (expecting @ any moment to receive responses with RTFM or somethings close to that sentiment in them).
Our goal is to allow not just *any* LDAP user in our openldap (version 2.4.40) directory, but only those specified as members of a particular group (in our LDAP). We have a custom LDAP attribute (groupSR) that is attached directly to the user's entry (ou=People,uid=<user-login-name>) or we could easily also populate a "more standard" (cn=<groupname>) entry (with memeberUID attributes corresponding to the "allowed SSH users") in the ou=Group branch of our directory.
Pretty sure this was set up quite some time ago here, but the colleagues who I collaborated with to do it are no longer working with me, and I can't for the life of me remember how exactly it was done...
as always, thanks so much for any assistance, as well as for all that everyone does for debian,
~c
Reply to: