Can we limit who can access the LDAP tree?
Sorry, let me make it clearer... there were some typos in my first
email...
A few thousand LDAP client systems are using pam_ldap now
in my environment. pam_unix is before the pam_ldap module in the /etc/pam.conf
file.
For some users, we only allow them to log on using a local
UNIX password. When they enter the local password correctly,
pam_unix returns success and the stack stops there without calling the pam_ldap module.
For other users, we disabled the local password, so the system fails on
pam_unix and continues to pam_ldap to access the LDAP tree for
authentication.
Very often, some local UNIX users enter the password wrong,
or run automated scripts that log on to hundreds of LDAP client systems
with a wrong password or a wrong ssh key..., so these LDAP client
systems access the LDAP tree unintentionally. It adds a lot of extra
load to our LDAP tree.
Is there a way in pam.conf or ldap.conf to restrict authentication against the
LDAP tree to only a certain type of user ID?
Please advise.
Thanks a million in advance.
Eric
Hi
We are using pam_ldap on a few thousand machines. Is
there a way to allow only accounts with a specific name pattern to access the LDAP
server? For example, only user names with the letter b in the 1st position can
query the LDAP tree when they log on to that system.
Thanks
Eric
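One way to do what both messages ask for, gating pam_ldap behind a cheap username check so that local-only accounts, mistyped passwords and scripted logins never reach the directory: this is an added example, not from the original thread, and it assumes Linux-PAM (which provides pam_succeed_if and the bracketed jump-count control syntax), an sshd service entry, and Eric's "first letter is b" rule as the constructed pattern.

```conf
# /etc/pam.conf fragment (Linux-PAM syntax; Solaris-style five-field layout).
# Service "sshd" and the "b*" username pattern are illustrative assumptions.

# 1. Local password holders succeed here and the stack ends, exactly as in the
#    current setup. Wrong local passwords fall through to the next line.
sshd auth sufficient pam_unix.so

# 2. Cheap string match on the login name only (no NSS/LDAP group lookup):
#    if the user name does NOT match the glob "b*", jump over the next 1
#    module, so pam_ldap is never invoked and no bind hits the directory.
sshd auth [success=1 default=ignore] pam_succeed_if.so quiet user !~ b*

# 3. Only users matching the pattern reach LDAP. use_first_pass reuses the
#    password already collected by pam_unix instead of prompting again.
sshd auth sufficient pam_ldap.so use_first_pass

# 4. Anyone who arrives here without a success above is refused, so the
#    skipped pam_ldap line cannot leave the stack without a decision.
sshd auth required pam_deny.so
```

The match in step 2 is on the username string, so it costs nothing on the LDAP side; replacing it with "user notingroup ..." would work too but may itself trigger a directory lookup if groups are served by nss_ldap. Consider the same gate for the account stack, since pam_ldap's account phase also queries the server.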