
Allow LDAP user login only if they are part of a local OS group

    Is there a way to restrict LDAP users to log in only if they are part of a LOCAL OS group? What are the steps?

    Currently I have an OpenLDAP client machine set up to talk to an external OpenLDAP server. sssd is configured with a domain to look up in the external LDAP server.

    If I have a local OS group on my OpenLDAP client machine, say mygroup (gid=5000).

    I have added the following rule in /etc/security/access.conf:

    -:ALL EXCEPT root (mygroup):ALL

    I don't want users from the external LDAP servers to log in via ssh to my machine if they are not explicitly added to 'mygroup' using gpasswd.

    The problem I see is that if the external LDAP server also has a group defined with gid=5000, then users belonging to that LDAP group are allowed to get in via ssh even though those users are not yet added to the LOCAL OS group 'mygroup'.

    Thanks in advance
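As an added illustration, not part of the original post and not code from Linux-PAM, sssd or OpenLDAP, the Python model below reproduces the behaviour described above using constructed in-memory "files" and "sss" tables. It assumes (stated in the code) that a `(group)` token in access.conf is resolved to a GID through NSS and that membership is then decided by comparing GIDs from the user's group list, which is how the Linux-PAM group-membership helper behaves on current builds; a second check that reads only the local group entry's explicit member list shows what a collision-proof test has to look at. All user, group and GID values are constructed for the example.

```python
"""
Model of why a GID collision lets an LDAP user through a pam_access
"(mygroup)" rule. Constructed example: no sssd, LDAP or real NSS calls.
"""
from dataclasses import dataclass, field


@dataclass
class Group:
    name: str
    gid: int
    members: list = field(default_factory=list)  # explicit gr_mem entries


@dataclass
class User:
    name: str
    gid: int  # primary GID from passwd


# Constructed "files" source: the client's local /etc/group and /etc/passwd.
LOCAL_GROUPS = {"mygroup": Group("mygroup", 5000, ["alice"])}
LOCAL_USERS = {"alice": User("alice", 5000), "root": User("root", 0)}

# Constructed "sss" source: what sssd would return from the external LDAP
# server. The directory group has a different name but the same gid 5000.
LDAP_GROUPS = {"ldapdevs": Group("ldapdevs", 5000, ["bob"])}
LDAP_USERS = {"bob": User("bob", 10001)}


def nss_getgrnam(name):
    """Models 'group: files sss': the first source knowing the name wins."""
    return LOCAL_GROUPS.get(name) or LDAP_GROUPS.get(name)


def nss_getpwnam(name):
    """Models 'passwd: files sss'."""
    return LOCAL_USERS.get(name) or LDAP_USERS.get(name)


def nss_getgrouplist(user):
    """Models getgrouplist(): primary GID plus supplementary GIDs merged
    from every configured source, identified only by number."""
    gids = {user.gid}
    for source in (LOCAL_GROUPS, LDAP_GROUPS):
        for grp in source.values():
            if user.name in grp.members:
                gids.add(grp.gid)
    return gids


def pam_access_group_match(username, group_token):
    """Assumed pam_access behaviour for a '(group)' token: resolve the
    group name to a GID via NSS, then ask whether that GID is in the
    user's group list. Name and origin of the matching group are lost."""
    grp = nss_getgrnam(group_token.strip("()"))
    pw = nss_getpwnam(username)
    if grp is None or pw is None:
        return False
    return grp.gid in nss_getgrouplist(pw)


def local_group_member(username, group_name):
    """Collision-proof check: consult only the local files entry and its
    explicit member list (what gpasswd -a writes), never the GID."""
    grp = LOCAL_GROUPS.get(group_name)
    return grp is not None and username in grp.members


def access_decision(username, strict=False):
    """Evaluates '-:ALL EXCEPT root (mygroup):ALL'. strict=True swaps in
    the local-only membership test to show the difference; it is a
    hypothetical mode of this model, not a pam_access option."""
    if username == "root":
        return "allow"
    if strict:
        ok = local_group_member(username, "mygroup")
    else:
        ok = pam_access_group_match(username, "(mygroup)")
    return "allow" if ok else "deny"


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, "gid-based:", access_decision(user),
              "local-only:", access_decision(user, strict=True))
```

Running the block shows `bob`, who exists only in the directory and was never added to the local group, being allowed by the GID-based match and denied by the local-only check. The underlying ambiguity disappears when the locally assigned GID range and the GIDs served by the directory do not overlap.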



    © 2026 Red Hat