RE: Using LDAP for authentication



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Derek J. Balling

> Perhaps this isn't the right forum (I couldn't connect to the archives
> to peruse them first). If not, my apologies and if someone could point
> me to the right spot, I'd appreciate it.
>
> I want to authenticate a bunch of machines against the LDAP server.
> That's easy. :-)
>
> What's more interesting are:
>
> 1.) Can I set it up so that a given uid is only valid on certain hosts?
>
> 2.) Can I set it up so that a given uid might have, say, /bin/bash as a
> shell on host1, and /bin/false as a shell on host2?
>
> 3.) Similarly, can I set up different homedirs? (on our production
> environment users have shared home directories depending on what they
> do, billing, order-entry, etc.)

LDAP is, at heart, a data retrieval mechanism. You can store whatever
attributes you want with whatever values you want. What you do with that data
is a separate question. In this case, it seems to be a question for pam_ldap.
pam_ldap supports (1) for sure; I haven't looked at whether it handles (2) or
(3). Try the pam_ldap mailing list @ padl.com.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support