Ben Stienstra

Linux, Unix, network, radio and more...


OpenLDAP - SSH access for group

Configure OpenLDAP

  • Create LDIF for group (the entry must contain the cn attribute that names it in the DN):
    # vim sshaccess.ldif
    dn: cn=sshaccess,ou=groups,dc=<domain>,dc=<tld>
    objectClass: top
    objectClass: posixGroup
    cn: sshaccess
    gidNumber: 3000
  • Add LDIF to LDAP:
    # ldapadd -H ldaps://<FQDN> -x -W -D "<Manager DN>" -f sshaccess.ldif
  • Add a user to the new group, create LDIF:
    # vim addusertogroup.ldif
    dn: cn=sshaccess,ou=groups,dc=<domain>,dc=<tld>
    changetype: modify
    add: memberuid
    memberuid: newuser
  • Load LDIF in LDAP:
    # ldapadd -H ldaps://<FQDN> -x -W -D "<Manager DN>" -f addusertogroup.ldif

Configure SSHd

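  • Append to /etc/ssh/sshd_config (if the file contains Match blocks, place the line above the first one, since directives after a Match line apply only to that block):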
    # vim /etc/ssh/sshd_config
    AllowGroups sshaccess
  • Restart sshd:
    # systemctl restart sshd

Configure login access control

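  • Append to /etc/security/access.conf (rules are checked top-down and the first match wins; the file is only enforced for services whose PAM stack loads pam_access.so):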
    # vim /etc/security/access.conf
    + : dev : ALL
    - : ALL : ALL
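
To see which accounts the two access.conf rules above let through, here is a simplified first-match evaluator. It is an added example, not part of the original page and not pam_access itself; the function name access_decision and the accounts alice and root with their group lists are assumptions made for the illustration.

```shell
#!/bin/sh
# Simplified model of pam_access rule evaluation: first matching line wins.
# Assumptions: only "+"/"-" rules with origin ALL are modelled (no EXCEPT,
# hosts or netgroups); a bare name matches a user or a group, which is the
# default behaviour without the nodefgroup option.

# access_decision USER "GROUP1 GROUP2 ..." FILE  -> prints allow or deny
access_decision() {
    user=$1; groups=$2; file=$3
    while IFS=: read -r perm who origin; do
        perm=$(printf '%s' "$perm" | tr -d ' \t')
        origin=$(printf '%s' "$origin" | tr -d ' \t')
        case $perm in ''|'#'*) continue ;; esac      # blank line or comment
        if [ "$origin" != ALL ]; then continue; fi   # origins not modelled
        for tok in $who; do
            match=no
            name=${tok#\(}; name=${name%\)}          # "(grp)" -> "grp"
            if [ "$tok" = ALL ] || [ "$tok" = "$user" ]; then match=yes; fi
            for g in $groups; do
                if [ "$g" = "$name" ]; then match=yes; fi
            done
            if [ "$match" = yes ]; then
                if [ "$perm" = + ]; then echo allow; else echo deny; fi
                return 0
            fi
        done
    done < "$file"
    echo allow    # pam_access grants access when no rule matches
}

# Constructed sample: the two rules from the page.
conf=$(mktemp)
printf '%s\n' '+ : dev : ALL' '- : ALL : ALL' > "$conf"

echo "alice   (groups: users dev): $(access_decision alice 'users dev' "$conf")"
echo "newuser (groups: sshaccess): $(access_decision newuser sshaccess "$conf")"
echo "root    (groups: root):      $(access_decision root root "$conf")"
rm -f "$conf"
```

In this model an account that is only in sshaccess is admitted by AllowGroups but denied by these access.conf rules, and so is root.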
openldap_sshaccess.txt · Last modified: 2015/09/07 13:38 by admin