Hi Peter,

we used a different method here for linux hosts. We put the groups we want to grant access to in /etc/security/access.conf; ala:

[root@---]# egrep -v ^# /etc/security/access.conf
- : ALL EXCEPT root admin pci_sysadmin pci_devadmin : ALL

and then just add users to the group which permits access to the machines in question via ldap.

[root@---]# id wnoble
uid=9999(wnoble) gid=9999(pci_sysadmin) groups=77(puppet),9999(pci_sysadmin),9998(sysadmin)

that was the cleanest way I found to do it, but ymmv

W

On Dec 12, 2011, at 2:24 PM, Peter Berghold wrote:

> Having a brain storm this morning I had a thought. This can be dangerous at
> times.
>
> I have an infrastructure where I am moving user authentication to be LDAP
> based. Further I am working out how to create host groups in LDAP such that I
> can group which user can log into what hosts. For instance I have
>
> $users = ['tom','dick','jaine','harry','sally']
>
> apple_host_users = ['tom','jane','sally']
>
> bannana_host_users=['dick','harry']
> etc.
>
> Only instead of puppet arrays I'd be doing this in LDAP.
>
> Has anybody managed to come up with a class or define that would query an
> LDAP server for a hostgroup and create the home directories and apply a
> skeleton to those directories based on the users in the host group?
>
> I'm thinking this is probably going to have to be a custom fact...
>
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
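Added example, not part of the original messages: a simplified Python model of how pam_access evaluates the access.conf rule quoted in the reply, checked against the `id` output shown there. The function names are hypothetical, "jdoe" is a constructed user, and the model assumes only the ALL origin, no netgroups, and no nodefgroup option (so bare names also match groups).

```python
import re

# The rule and `id` output quoted in the reply above.
ACCESS_CONF = "- : ALL EXCEPT root admin pci_sysadmin pci_devadmin : ALL\n"
ID_OUTPUT = ("uid=9999(wnoble) gid=9999(pci_sysadmin) "
             "groups=77(puppet),9999(pci_sysadmin),9998(sysadmin)")

def parse_id(output):
    """Return (user, set of group names) from one line of `id` output."""
    user = re.search(r"uid=\d+\(([^)]+)\)", output).group(1)
    groups = set(re.findall(r"\d+\(([^)]+)\)", output.split(" ", 1)[1]))
    return user, groups

def token_matches(token, user, groups):
    """A users-field token: ALL, a user name, a group name, or (group)."""
    if token == "ALL":
        return True
    if token.startswith("(") and token.endswith(")"):
        return token[1:-1] in groups
    return token == user or token in groups  # bare names also match groups

def list_match(tokens, user, groups):
    """Items before EXCEPT match, and the list after EXCEPT does not."""
    head, tail = tokens, None
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        head, tail = tokens[:i], tokens[i + 1:]
    if not any(token_matches(t, user, groups) for t in head):
        return False
    return tail is None or not list_match(tail, user, groups)

def login_allowed(conf_text, user, groups):
    """First matching rule decides; if nothing matches, access is granted."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if origins != "ALL":
            raise ValueError("only the ALL origin is modelled in this example")
        if list_match(users.split(), user, groups):
            return perm == "+"
    return True

if __name__ == "__main__":
    user, groups = parse_id(ID_OUTPUT)
    print(user, login_allowed(ACCESS_CONF, user, groups))          # in pci_sysadmin
    print("jdoe", login_allowed(ACCESS_CONF, "jdoe", {"users"}))  # constructed user
```

Because the deny rule is the only rule and an unmatched user falls through to "granted", the EXCEPT list is the complete allow-list: removing a user from those LDAP groups is what revokes login.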