{{tag>[ldap openldap group ssh sshaccess]}}
=====OpenLDAP - SSH access for group=====
====Configure OpenLDAP====
  * Create LDIF for group: <code>
# vim sshaccess.ldif
dn: cn=sshaccess,ou=groups,dc=,dc=
objectClass: top
objectClass: posixGroup
gidNumber: 3000
</code>
  * Add LDIF to LDAP: <code>
# ldapadd -H ldaps:// -x -W -D "" -f sshaccess.ldif
</code>
  * Add a user to the new group, create LDIF: <code>
# vim addusertogroup.ldif
dn: cn=sshaccess,ou=groups,dc=,dc=
changetype: modify
add: memberuid
memberuid: newuser
</code>
  * Load LDIF in LDAP: <code>
# ldapadd -H ldaps:// -x -W -D "" -f addusertogroup.ldif
</code>
====Configure SSHd====
  * Append to /etc/ssh/sshd_config: <code>
# vim /etc/ssh/sshd_config
AllowGroups sshaccess
</code>
  * Restart sshd: <code>
# systemctl restart sshd
</code>
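A pre-restart check for the ''AllowGroups'' step above, added here as an example and not part of the original page: it confirms that sshd's configuration names ''sshaccess'' and that a given user resolves into that group on the host. The function names and the sample configuration are constructed for illustration; ''sshd -t'', ''sshd -T'' and ''id -Gn'' are the only system commands used.

```shell
#!/bin/sh
# Added example (not from the original page): check the AllowGroups gate.
SSH_GROUP=sshaccess   # group name used on this page

# has_word WORD LIST: succeed if WORD is one of the space-separated items in LIST.
has_word() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# allowgroups: read sshd_config text or `sshd -T` output on stdin and print the
# groups named on AllowGroups lines. Commented-out lines are skipped; patterns
# are compared literally (wildcards are not expanded).
allowgroups() {
    awk 'tolower($1) == "allowgroups" {
             for (i = 2; i <= NF; i++) { out = out sep $i; sep = " " }
         }
         END { print out }'
}

# ssh_gate USER USER_GROUPS SSHD_CFG: USER_GROUPS is the output of `id -Gn USER`.
# Returns 0 = passes the gate, 1 = user not in group, 2 = gate not configured.
ssh_gate() {
    allowed=$(printf '%s\n' "$3" | allowgroups)
    has_word "$SSH_GROUP" "$allowed" || { echo "AllowGroups does not list $SSH_GROUP"; return 2; }
    has_word "$SSH_GROUP" "$2" || { echo "$1 is not in $SSH_GROUP"; return 1; }
    echo "$1 passes the AllowGroups gate"
}

# check_live USER: run as root on the SSH host before restarting sshd.
# `sshd -t` rejects a broken config; `id -Gn` resolves groups through NSS,
# so it also shows whether the LDAP group is visible to this host.
check_live() {
    sshd -t || return 3
    ssh_gate "$1" "$(id -Gn "$1")" "$(sshd -T)"
}

# Constructed sample input, evaluated offline.
SAMPLE_CFG='Port 22
#AllowGroups wheel
AllowGroups sshaccess'
ssh_gate newuser "newuser sshaccess" "$SAMPLE_CFG"
```

On the SSH host, source the file and call ''check_live newuser'' from an existing root session, and keep that session open until a fresh login has succeeded.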
====Configure login access control====
  * Append to /etc/security/access.conf: <code>
# vim /etc/security/access.conf
+ : dev : ALL
- : ALL : ALL
</code>