Changes between Version 37 and Version 38 of Internal/LoginService


Ignore:
Timestamp:
Mar 9, 2012, 4:35:00 PM (13 years ago)
Author:
Olivera Tosic
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Internal/LoginService

    v37 v38  
    8181OU admin can only manage accounts for that organization.[[BR]]
    8282
    83 Any person that is a member of sysadmin group in LDAP and admin group in login.yaml will be able to use ControlPanel of the ogs_login service to manage ALL accounts[[BR]]
     83Any person that is a member of sysadmin group in LDAP and admin group in login.yaml will be able to use !ControlPanel of the ogs_login service to manage ALL accounts[[BR]]
    8484
    8585
     
    259259Note:
    260260There is file /usr/share/omf-aggmgr-5.2/omf-aggmgr/public_html/template/ogs_login/orbit_banner.png, used for user management pages. Replace content of that file to show your logo.
     261 === Login service and LDAP ===
     262 * In LDAP there is a host attribute that is used by pam to check if user is allowed to access the machine.
     263 * If that attribute has * in it then user is always allowed access.
     264 * If that attribute is matching the FQDN user is also allowed access.
     265 * Otherwise the auth contains line saying that host attribute didn't match
     266 * For all of this to work it is neccessery that host attribute in ldap.conf is enabled (i.e. uncommented).
     267 * Scheduler operates on LDAP host attribute and changes it accroding to the time and schedule for users that don't have * in their host attribute.