[SOLVED] Question about LDAP Groups and Access

pauloedusp · 07-13-2012, 09:18 AM

Messrs.

I have installed a ldap server in a red hat 5.8 64bit I am having difficulty finding a documentation where I explain how I block access of some users on some servers for example:
I have the dba team so they must access the database servers,
OBIEE administrators should only access the servers OBIEE and so forth. how do I do this by blocking ldap ?

I have a doubt about permissions sudores anyone have any documentation where I can get a configuration so that the User can perform certain administrative commands by LDAP.

I appreciate the help!

kbscores · 07-13-2012, 09:23 AM

You can use a filter and host attribute to limit access to servers. Here is a guide on how to do it.

http://www.redbooks.ibm.com/redpapers/pdfs/redp3863.pdf

pauloedusp · 07-13-2012, 03:36 PM

Thanks !!!!!!!!

Other problem i have the client server it does not update by ldap server for example

if i modify one user group is the Other client do not update the modification and i do not know why

I have one more problem when I perform an update on the User Group as a change for example the server client does not receive this update takes too long to upgrade it I have no idea how to solve this
it already happened to you?

Thanks for the manual helped me D + + + + +

kbscores · 07-16-2012, 05:06 PM

Just to clarify is the replication/slave server not updating? If so there most likely is an issue with how slapd.conf is setup. It could also be a network issue. Make sure the port is available on both servers and both servers are allowed to communicate in /etc/hosts.allow. If /etc/hosts.allow is ALL:ALL then that wouldn't be the issue. Just depends on how you have it setup.

pauloedusp · 07-16-2012, 05:14 PM

thank you kbscores

but I solved the problem by configuring the file nscd.conf it is in / etc / nscd.conf

I altereis in the fields of yes to no :

enable-cache passwd no
positive-time-to-live passwd 600
negative-time-to-live passwd 20
suggested-size passwd 211
check-files passwd yes
persistent passwd yes
shared passwd yes
max-db-size passwd 33554432
auto-propagate passwd yes

enable-cache group no
positive-time-to-live group 3600
negative-time-to-live group 60
suggested-size group 211
check-files group yes
persistent group yes
shared group yes
max-db-size group 33554432
auto-propagate group yes

enable-cache hosts no
positive-time-to-live hosts 3600
negative-time-to-live hosts 20
suggested-size hosts 211
check-files hosts yes
persistent hosts yes
shared hosts yes
max-db-size hosts 33554432

and it worked perfectly!!

thanks for the help