OpenLDAP - SSH access for group
Configure OpenLDAP
- Create LDIF for group:
# vim sshaccess.ldif
dn: cn=sshaccess,ou=groups,dc=<domain>,dc=<tld>
objectClass: top
objectClass: posixGroup
cn: sshaccess
gidNumber: 3000
- Add LDIF to LDAP:
# ldapadd -H ldaps://<FQDN> -x -W -D "<Manager DN>" -f sshaccess.ldif
- Add a user to the new group, create LDIF:
# vim addusertogroup.ldif
dn: cn=sshaccess,ou=groups,dc=<domain>,dc=<tld>
changetype: modify
add: memberuid
memberuid: newuser
- Load LDIF in LDAP:
ldapadd -H ldaps://<FQDN> -x -W -D "<Manager DN>" -f addusertogroup.ldif
Configure SSHd
- Append to /etc/ssh/sshd_config:
# vim /etc/ssh/sshd_config
AllowGroups sshaccess
- Restart sshd:
systemctl restart sshd
Configure login access control
- Append to /etc/security/access.conf:
# vim /etc/security/access.conf
+ : dev : ALL
- : ALL : ALL
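A simplified model of how the two settings above combine, as an added example that is not part of the original page: sshd's AllowGroups and the access.conf rules are checked independently, and both must admit the user. It assumes pam_access is enabled for sshd, treats dev as a group name, and embeds the page's two snippets as constructed sample input; alice is a hypothetical user and the function names are made up for this example.

```sh
#!/bin/sh
# Constructed sample input mirroring the two files edited above.
SSHD_CONF='AllowGroups sshaccess'
ACCESS_CONF='+ : dev : ALL
- : ALL : ALL'

# sshd_allows "<groups>": succeeds if any group is listed in AllowGroups
# (assumption: exact names only; sshd also accepts patterns).
sshd_allows() {
    allowed=$(printf '%s\n' "$SSHD_CONF" |
        awk 'tolower($1) == "allowgroups" { $1 = ""; print }')
    if [ -z "$allowed" ]; then return 0; fi   # no AllowGroups: no restriction
    for g in $1; do
        for a in $allowed; do
            if [ "$g" = "$a" ]; then return 0; fi
        done
    done
    return 1
}

# access_decision <user> "<groups>": prints allow or deny. Simplified model of
# pam_access: first matching rule wins, no match means allow, origin ignored.
access_decision() {
    printf '%s\n' "$ACCESS_CONF" | awk -F: -v user="$1" -v groups="$2" '
        BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) member[g[i]] = 1 }
        /^[ \t]*(#|$)/ { next }
        {
            perm = $1; gsub(/[ \t]/, "", perm)
            m = split($2, who, " ")
            for (i = 1; i <= m; i++) {
                grp = who[i]; gsub(/[()]/, "", grp)   # "(dev)" names a group
                if (who[i] == "ALL" || who[i] == user || (grp in member)) {
                    print (perm == "+" ? "allow" : "deny"); found = 1; exit
                }
            }
        }
        END { if (!found) print "allow" }'
}

# can_login <user> "<groups>": sshd and pam_access must both admit the user.
can_login() {
    if sshd_allows "$2" && [ "$(access_decision "$1" "$2")" = allow ]; then
        echo yes
    else
        echo no
    fi
}

can_login newuser "sshaccess"    # in sshaccess only
can_login alice "sshaccess dev"  # hypothetical user in both groups
```

Under this model, a member of sshaccess who is not also matched by the dev rule passes AllowGroups but is rejected by the final "- : ALL : ALL" line, so group membership has to line up in both files.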
openldap_sshaccess.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1