How can I restrict access to Linux server shared directories based on LDAP groups?

Question

Say I have a shared directory "SHARED" on my Linux server, and sub-directories like "REPORTS", "PROJECTS" etc.

"REPORTS" belongs to the group "MANAGERS".

Every client in the LAN (LDAP logged-in) have a NFS mount in their machines pointing to the server shared directory "SHARED", therefore they can view the sub-directories, but...

What I'm trying to do is:

I want sub-directory "REPORTS" to be accessed only by clients whose users belongs to the same server group, eg.: If I'm in group "MANAGERS", then I can access directory "REPORTS".

So far I created identical groups in server and client, same name, same UID, but no success. I'm getting "permission denied" errors.

It seems there's more to do in order to have a user logging in a client to be part of a group created on the server.

Thank you.

score 0 · Answer 1 · answered Jun 03 '20 at 21:31

0

First you have to configure LDAP schema, populate LDAP server and then configure mount points with autofs on clients.

Please follow the detailed instructions at this page.

answered Jun 03 '20 at 21:31

mgsxman

126
2

Thank you, I'll read it. – Marcelo Tenorio de Souza Jun 03 '20 at 21:38

How can I restrict access to Linux server shared directories based on LDAP groups?

1 Answers1