Okay, here goes. Solving this will solve several problems for me (as I can reapply this knowledge to several extant, similar problems), but luckily I have a very specific, concise problem to describe.
Enough preamble. Our hosting partner is setting up VPN access for us and is connecting it to our LDAP server.
They are using Cisco VPN, the docs on setting this up are here:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml#maintask1
Specifically, note the screenshot in (5), under "ASDM"
Now, I do NOT want to provide access to all of our users. I only want to provide access to our IT group. But I do not see a configuration option for LDAP groups on that web reference for the Cisco VPN.
We are using:
OpenLDAP 2.4
Static groups (i.e. "Group has the following members...")
Single user OU, "ou=users,dc=mycompany,dc=com"
Is it possible to provide an alias of some kind in OpenLDAP that creates another OU, "itusers", say, and lets me alias the members of that OU somehow? Something like:
"cn=Jeff Silverman,ou=itusers,dc=mycompany,dc=com"
is an alias for
"cn=Jeff Silverman,ou=users,dc=mycompany,dc=com"
And is NOT a separate, unique user account.
Alternatively, should I just create a separate OU and manage it separately? It is a pain, but only 12-15 users will have to be managed that way, with two separate user accounts. But I hate this option - messy, unmanageable, unscalable. You know what I mean.
I am open to any options. I've searched and read all over but I can't quite find an directly analagous example. I can't possibly be the only one who's had this problem!
Thanks!
