What is the preferred method to restrict which machines that a particular user can log into? For example:
I have DS instance running and as of now, ANY user in LDAP can log into ANY machine that is configured as a client. I have seen methods online that make use of the "host" attribute, but that was used with OpenLDAP and required a schema that is not standard. Ideally, I would like to use something like host attribute values that contain a host name. That is, a user can only log into a client (devserver, for example) IF that user has a host attribute with a value of "devserver"
If someone could point me in the right direction, I would appreciate it.