{{tag>[ldap openldap group ssh sshaccess]}}

=====OpenLDAP - SSH access for group=====

====Configure OpenLDAP====

  * Create LDIF for group:<code>
# vim sshaccess.ldif
dn: cn=sshaccess,ou=groups,dc=,dc=
objectClass: top
objectClass: posixGroup
gidNumber: 3000
</code>
  * Add LDIF to LDAP:<code>
# ldapadd -H ldaps:// -x -W -D "" -f sshaccess.ldif
</code>
  * Add a user to the new group, create LDIF:<code>
# vim addusertogroup.ldif
dn: cn=sshaccess,ou=groups,dc=,dc=
changetype: modify
add: memberuid
memberuid: newuser
</code>
  * Load LDIF in LDAP:<code>
ldapadd -H ldaps:// -x -W -D "" -f addusertogroup.ldif
</code>

====Configure SSHd====

  * Append to /etc/ssh/sshd_config:<code>
# vim /etc/ssh/sshd_config
AllowGroups sshaccess
</code>
  * Restart sshd:<code>
systemctl restart sshd
</code>

====Configure login access control====

  * Append to /etc/security/access.conf:<code>
# vim /etc/security/access.conf
+ : dev : ALL
- : ALL : ALL
</code>
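
An added example, not part of the original page: a pre-restart check that reports which users the ''AllowGroups'' line would admit, so a mistyped group name or a missing ''memberuid'' is caught before sshd is restarted. The sample files and the user ''alice'' are constructed; the check only looks at ''memberuid''-style membership and ignores sshd's pattern matching and primary-group match.

```shell
#!/bin/sh
# Added example: who would the AllowGroups setting admit?
# Inputs: an sshd_config file and a group file in `getent group` format.

# Print every group named on AllowGroups lines (keyword is case-insensitive).
allowed_groups() {
    awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Print the comma-separated member list of group $1 from group file $2.
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "$2"
}

# Return 0 if user $1 is listed in at least one group allowed by config $2,
# using group file $3. The subshell keeps `exit` local to this function.
user_may_login() {
    allowed_groups "$2" | (
        while read -r g; do
            case ",$(group_members "$g" "$3")," in
                *",$1,"*) exit 0 ;;
            esac
        done
        exit 1
    )
}

# Constructed sample data mirroring the page: group sshaccess with newuser.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
PermitRootLogin no
#AllowGroups wheel
AllowGroups sshaccess
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
dev:*:2000:alice
sshaccess:*:3000:newuser
EOF

for u in newuser alice; do
    if user_may_login "$u" "$SAMPLE_DIR/sshd_config" "$SAMPLE_DIR/group"; then
        echo "$u: allowed by AllowGroups"
    else
        echo "$u: denied by AllowGroups"
    fi
done
```

On a real host, pass ''/etc/ssh/sshd_config'' and a file holding the output of ''getent group'', and run ''sshd -t'' to validate the configuration before restarting.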