[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Using LDAP for authentication

To: "Derek J. Balling" <dredd@megacity.org>, <openldap-software@OpenLDAP.org>
Subject: RE: Using LDAP for authentication
From: "Howard Chu" <hyc@symas.com>
Date: Wed, 4 Sep 2002 10:24:18 -0700
Importance: Normal
In-reply-to: <23EB6510-C027-11D6-A0A7-00039384A830@megacity.org>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Derek J. Balling

> Perhaps this isn't the right forum (I couldn't connect to the archives
> to peruse them first). If not, my apologies and if someone could point
> me to the right spot, I'd appreciate it.
>
> I want to authenticate a bunch of machines against the LDAP server.
> That's easy. :-)
>
> What's more interesting are:
>
> 1.) Can I set it up so that a given uid is only valid on certain hosts?
>
> 2.) Can I set it up so that a given uid might have, say, /bin/bash as a
> shell on host1, and /bin/false as a shell on host2?
>
> 3.) Similarly, can I set up different homedirs? (on our production
> environment users have shared home directories depending on what they
> do, billing, order-entry, etc.)

LDAP is, at heart, a data retrieval mechanism. You can store whatever
attributes you want with whatever values you want. What you do with that data
is a separate question. In this case, it seems to be a question for pam_ldap.
pam_ldap supports (1) for sure, I haven't looked at whether it handles (2) or
(3). Try the pam_ldap mailing list @ padl.com.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

References:
- Using LDAP for authentication
  - From: "Derek J. Balling" <dredd@megacity.org>

Prev by Date: RE: ldapadd won't add entry via SASL/DIGEST-MD5
Next by Date: OpenLdap install twarted
Index(es):
- Chronological
- Thread