0

I have multiple private subnets on AWS VPC (Virtual Private Cloud). E.g. 10.0.128.0/20, 10.0.192.0/20, 10.0.224.0/20 etc. I have an OpenVPN gateway on the VPC which allows users to connect to these private subnets. This OpenVPN gateway currently uses PAM authentication.

What I am trying to do is to create different user groups and give selective subnet access permissions to those groups. E.g. the following can be the access permission list.

UserGroup1 can access 10.0.128.0/20 UserGroup2 can access 10.0.128.0/20 and 10.0.224.0/20 UserGroup3 can access 10.0.192.0/20 UserGroup4 can access NONE

I have explored OpenLDAP a little (really little) for this purpose but it is not very clear to me how to do this using LDAP. Ideally, the users should use their keys to connect to the gateway and depending on their group, they should be able to access the permitted subnets. Can someone please tell me what will be a good way to setup this user group permissions?

Thanks.

Improve this question

1 Answer 1

Reset to default
0

I am a little surprised that I did not get a single response on this question. May be this scenario is not as relevant as I though to be. Anyway, I figured a way to achieve this using LDAP and PAM user groups. Ideally, this should be done through LDAP NisNetGroup but it is harder to figure out the settings for that and I found very little help available on net. I followed the steps mentioned in the link below with a few modifications.

How To Authenticate Client Computers Using LDAP on an Ubuntu 12.04 VPS

I am still curious about using NisNetGroup as that will be a cleaner and more secure solution to this problem. Please share your experience if you have worked with that.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.