LDAP auth user filtering


We have an LDAP database, and we have nss_ldap (or rather nss_sss these days) set up so that it allows login to a particular computer only for users who have the “host: that_computer” attribute in their LDAP object. Is it possible to do something similar for OpenNebula LDAP auth, without changing our LDAP structure?

For example, my own LDAP object looks like this:

dn: uid=yenya,ou=People,dc=example,dc=com
uid: yenya
cn: yenya
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: extensibleObject
userPassword:: ...
loginShell: /bin/bash
uidNumber: 42
gidNumber: 42
homeDirectory: /home/yenya
gecos: Jan Kasprzak
sn: Kasprzak
givenName: Jan
mail: yenya@example.com
host: arthur
host: ford
host: zaphod

In /etc/sssd/sssd.conf at host “trillian” we have the following line:

ldap_user_search_base = ou=People,dc=example,dc=com?one?host=trillian

With such a configuration, my account is not active at trillian.example.com unless somebody adds the “host: trillian” attribute to my LDAP object. Can such filtering also be done in the OpenNebula LDAP authentication module?
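
The host restriction described in the post, as an added example (not part of the original post, and not sssd or OpenNebula code): it splits the `base?scope?filter` value, builds the combined user-and-host filter with RFC 4515 escaping of the login name, and evaluates it against a trimmed copy of the sample entry. The function names, the simplified LDIF parsing and the default scope of `sub` are assumptions made for the illustration.

```python
# Added illustration; the entry is constructed from the post's LDIF (trimmed).
LDIF = """\
dn: uid=yenya,ou=People,dc=example,dc=com
uid: yenya
objectClass: posixAccount
host: arthur
host: ford
host: zaphod
"""
SEARCH_BASE = "ou=People,dc=example,dc=com?one?host=trillian"  # from the post


def parse_search_base(value):
    """Split the 'base?scope?filter' form; a missing scope is assumed to be 'sub'."""
    base, scope, flt = (value.split("?", 2) + ["", ""])[:3]
    return base, scope or "sub", flt


def parse_ldif_entry(text):
    """Parse one plain LDIF entry into {attr: [values]} (no base64, no line folding)."""
    entry = {}
    for line in text.splitlines():
        attr, sep, val = line.partition(": ")
        if sep:
            entry.setdefault(attr.lower(), []).append(val)
    return entry


def escape_filter_value(s):
    """RFC 4515 escaping, so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in s)


def login_filter(username, host_filter):
    """The filter a client would send: user match AND the per-host restriction."""
    return "(&(uid=%s)(%s))" % (escape_filter_value(username), host_filter)


def allowed(entry, username, search_base):
    """Evaluate scope, uid and the simple 'attr=value' filter against one entry."""
    base, scope, flt = parse_search_base(search_base)
    dn = entry["dn"][0].lower()
    parent = dn.split(",", 1)[1]  # naive split: assumes no escaped commas in the RDN
    in_scope = parent == base.lower() if scope == "one" else dn.endswith("," + base.lower())
    attr, _, want = flt.partition("=")
    values = [v.lower() for v in entry.get(attr.lower(), [])]
    return in_scope and username in entry.get("uid", []) and (not flt or want.lower() in values)


ENTRY = parse_ldif_entry(LDIF)
```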