Group Permissions for LDAP Users
Posted: Fri Nov 04, 2011 5:20 pm
Is it possible to use LDAP groups (or local groups with LDAP users) to determine access control? This is different from using groups as part of the Additional LDAP Requirement, I'd like to be able to control access to specific subnets based on group membership.
For example:
Admin group with access to all subnets (10.0.0.0/8).
If not in that group, access to subnets based on the contents of the 'Routing' section of the 'Web Server' config (10.0.0.0/24 and 10.0.1.0/24).
I have tried adding an LDAP group using its exact name, similar to adding LDAP users to control access, but this does not work.
I have also tried creating a new local group and adding an LDAP user to it, also without any luck.
Any help would be greatly appreciated.
For example:
Admin group with access to all subnets (10.0.0.0/8).
If not in that group, access to subnets based on the contents of the 'Routing' section of the 'Web Server' config (10.0.0.0/24 and 10.0.1.0/24).
I have tried adding an LDAP group using its exact name, similar to adding LDAP users to control access, but this does not work.
I have also tried creating a new local group and adding an LDAP user to it, also without any luck.
Any help would be greatly appreciated.