Yes, it shows it correctly.

adm...@x6:~$ ldapsearch -xLLL -b cn=u910desk,ou=Machines,dc=testlab,dc=com
dn: cn=u910desk,ou=Machines,dc=testlab,dc=com
cn: u910desk
ipHostNumber: 172.17.5.232
member: cn=placeholder,dc=testlab,dc=com
objectClass: top
objectClass: groupOfNames
objectClass: labeledURIObject
objectClass: ipHost
labeledURI: ldap://172.17.0.200/ou=Users,dc=testlab,dc=com??one?(host=cms3)

Search result of ldap://172.17.0.200/ou=Users,dc=testlab,dc=com??one?(host=cms3) shows uid=george, which is correct. Should I be doing any more configuration to get this login restriction working?

Thanks
Shamika

On Tue, Apr 6, 2010 at 5:41 PM, Dieter Kluenter <[email protected]> wrote:

> On Tue, 6 Apr 2010 16:54:34 +0530
> Shamika Joshi <[email protected]> wrote:
>
> > My cn=config is attached here. I have added users *bob* & *george*
> > with host objects *cms2 & cms3* respectively, as shown below for
> > cn=bob,ou=Users,dc=testlab,dc=com
> >
> > cn: *bob*
> > uid: bob
> > objectClass: account
> > objectClass: posixAccount
> > uidNumber: 10001
> > gidNumber: 10001
> > homeDirectory: /home/bob
> > loginShell: /bin/sh
> > gecos: bob
> > description: User account
> > host:* cms2*
> > userPassword: {SSHA}GtI94c1LAH6F1Wj3rqUGwjND1oUGa2hq
> >
> > Also I have 2 machines, u910desk & x15f12, added with labeledURI
> > searching for hostobject value as 'cms2' & 'cms3' respectively, as
> > shown in the example below for cn=u910desk,ou=Machines,dc=testlab, dc=com
> >
> > cn: *u910desk*
> > ipHostNumber: *172.17.5.232*
> > member: cn=placeholder,dc=testlab,dc=com
> > objectClass: top
> > objectClass: groupOfNames
> > objectClass: labeledURIObject
> > objectClass: ipHost
> > labeledURI: *ldap:///ou=Users,dc=testlab,dc=com??one?(host=cms2)*
> >
> > Now if I attempt to *#ssh [email protected]*2 it should allow me
> > because bob contains hostobject :cms2, whereas if I do* '#ssh
> > [email protected]'* it should fail because 172.17.5.232 is looking
> > for host object 'cms2' whereas george contains host object :cms3.
> > Correct? But in the practical scenario this is not happening. It still
> > allows me to ssh to both machines using both users bob & george. Any
> > clue what I must be missing here?
>
> Put the ssh problem aside and get the dynamic objects working first.
> What is the output of a search on the base
> cn=u910desk,ou=Machines,dc=testlab, dc=com? Do you get the results wanted?
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> sip: +49.40.20932173
> http://www.dpunkt.de/buecher/2104.html
> GPG Key ID:8EF7B6C6
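
Added example (not part of the original thread and not OpenLDAP code): a small offline check of which user entries the two labeledURI values quoted above select, by splitting the RFC 4516 LDAP URL into base, scope and filter. Assumptions: the entry DN for george is constructed (the thread only shows uid=george), only a single "(attr=value)" equality filter is evaluated, and DNs are compared with a naive comma split.

```python
from urllib.parse import unquote

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into host, base DN, attributes, scope, filter."""
    scheme, sep, rest = url.partition("://")
    if scheme.lower() != "ldap" or not sep:
        raise ValueError("not an ldap:// URL: %r" % url)
    host, _, tail = rest.partition("/")
    fields = tail.split("?") + [""] * 4           # dn ? attrs ? scope ? filter
    dn, attrs, scope, flt = (unquote(f) for f in fields[:4])
    return {"host": host,                          # empty when no host is given
            "base": dn,
            "attrs": [a for a in attrs.split(",") if a],
            "scope": scope or "base",              # RFC 4516 default scope
            "filter": flt or "(objectClass=*)"}    # RFC 4516 default filter

def norm(dn):
    # Simplification: does not handle escaped commas inside RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_scope(entry_dn, base, scope):
    e, b = norm(entry_dn), norm(base)
    if scope == "base":
        return e == b
    if scope == "one":                             # direct children only
        return e.partition(",")[2] == b
    if scope == "sub":
        return e == b or e.endswith("," + b)
    raise ValueError("unknown scope: %r" % scope)

def matches(attrs, flt):
    # Assumption: only one equality test "(attr=value)" is supported here.
    inner = flt[1:-1] if flt.startswith("(") and flt.endswith(")") else ""
    attr, eq, value = inner.partition("=")
    if not eq or any(c in attr + value for c in "()*&|!<>~"):
        raise ValueError("unsupported filter: %r" % flt)
    return value.lower() in (v.lower() for v in attrs.get(attr.lower(), []))

# Constructed sample entries modelled on the users described in the thread.
USERS = {
    "cn=bob,ou=Users,dc=testlab,dc=com": {"uid": ["bob"], "host": ["cms2"]},
    "cn=george,ou=Users,dc=testlab,dc=com": {"uid": ["george"], "host": ["cms3"]},
}

def expand(labeled_uri, entries=USERS):
    """Return the DNs a labeledURI selects from the sample entries."""
    u = parse_ldap_url(labeled_uri)
    return sorted(dn for dn, attrs in entries.items()
                  if in_scope(dn, u["base"], u["scope"]) and matches(attrs, u["filter"]))

if __name__ == "__main__":
    for uri in ("ldap:///ou=Users,dc=testlab,dc=com??one?(host=cms2)",
                "ldap://172.17.0.200/ou=Users,dc=testlab,dc=com??one?(host=cms3)"):
        print(uri, "->", expand(uri))
```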
