[Date Prev][Date Next] [Chronological] [Thread] [Top]

Using OpenLDAP with multiple servers to authenticate

To: OpenLDAP-software@OpenLDAP.org
Subject: Using OpenLDAP with multiple servers to authenticate
From: m g <georwell2000@yahoo.com>
Date: Mon, 10 Sep 2001 12:14:22 -0700 (PDT)

Hey all,

I am currently using openldap for authenticating users
on multiple servers.  Some users are allowed access on
all the servers and some are allowed access to only on
a few.  My question is what is the best way to set up
the authentication process to check which server they
are trying to login to and if they are allowed to
logon to that server.

I could setup a directory like this....
	      TOP
       /              \
    Server1             Server2
   /      \            /      \   
 UID=joe  UID=fred    UID=joe  UID=sue
 
However then I have copies of the same user all over
the directory.  

Perhaps a better way is like this...

		TOP
	/	        	    \
      USERS                      SERVERS
  /      |      \               /        \
UID=joe  UID=Sue  UID=fred   SERVER1     SERVER2
                           /    	    \
			MEMBER: joe      MEMBER: joe
			MEMBER: fred     MEMBER: sue


Is there a way for me to use groups and include the
users as members of each group?  This way I could
authenticate the user and THEN check for authorization
by checking to see if the user is a member of that
server group.  Is this possible?  I know there are
perl scripts to check for group membership but where
would I put this script during the authorization
process?  

Thanks for your time

Michael 





__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com

Follow-Ups:
- Re: Using OpenLDAP with multiple servers to authenticate
  - From: Christian Mayrhuber <christian@osiris.at>

Prev by Date: Re: Roaming Access
Next by Date: Problems with nss_ldap
Index(es):
- Chronological
- Thread