Re: Remapping user info per-system?
We used attribute mapping to use different shells on different hosts.
This is a subset of the data for each account in LDAP:
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shells
loginShell: /bin/bash
muddlab: /usr/etc/other
backend: /usr/etc/other
pinex: /opt/local/bin/pine
public: /bin/bash
shells is a custom objectclass (from our own schema) which allows us to
add on various other shells (namely muddlab, backend, pinex, public)
which are also defined in our schema.
On Sun machines (5.9)
edit /var/ldap/ldap_client_file
and add
NS_LDAP_ATTRIBUTEMAP= passwd:loginShell=public
then anyone logging onto that host will get the public shell.
On Debian
edit /etc/libnss-ldap.conf
and add
nss_map_attribute loginShell pinex
and anyone logging onto that host will get pinex.
We found this worked well for our needs.
I know this response doesn't have much to do with OpenLDAP,
but I thought if someone was searching the archive it would be
easiest if they could read the reply instead of re-asking.
-Patrick
Medievalist wrote:
I think you can control the mapping of LDAP attribute entities to different
host items in the nss_ldap configuration file. It'll probably be something
along the lines of "nss_map_attribute" and you should be able to use separate
shell specifications on a host-specific basis.
On HP-UX, mapping of LDAP attributes to rfc2307 items is actually done from
within the LDAP database itself, but on linux/BSD I'm pretty sure it's in
nss_ldap's configuration file... so, as others have requested, you ought to
take this question to the nss_ldap list where I am sure the answer would be
useful to others.
Don't forget to get your own OID if you need to set up some custom schema for
this.
--Charlie
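
An added example, not part of the original thread or of nss_ldap: a small audit of which shell value each account exposes on a host, given that host's mapping line in either of the two forms shown above. The sample entries and the function names are constructed for illustration; accounts that lack the mapped attribute are reported as None so they can be reviewed before the mapping is rolled out.

```python
import re

# Constructed sample entries, modeled on the attribute subset shown in the post.
SAMPLE_LDIF = """\
uid: alice
loginShell: /bin/bash
pinex: /opt/local/bin/pine
public: /bin/bash

uid: bob
loginShell: /bin/bash
public: /bin/bash
"""

def parse_entries(text):
    """Parse blank-line-separated 'attr: value' records into dicts (first value wins)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep:
                entry.setdefault(attr.strip().lower(), value.strip())
        entries.append(entry)
    return entries

def mapped_shell_attr(config_text):
    """Return the LDAP attribute a host reads for loginShell, per its client config."""
    for line in config_text.splitlines():
        line = line.strip()
        # Debian libnss-ldap.conf form: nss_map_attribute loginShell pinex
        m = re.match(r"nss_map_attribute\s+loginShell\s+(\S+)$", line, re.I)
        if not m:
            # Solaris ldap_client_file form: NS_LDAP_ATTRIBUTEMAP= passwd:loginShell=public
            m = re.match(r"NS_LDAP_ATTRIBUTEMAP\s*=\s*passwd:loginShell=(\S+)$", line, re.I)
        if m:
            return m.group(1).lower()
    return "loginshell"  # no mapping line: the standard attribute is used

def audit(config_text, ldif_text):
    """Map uid -> shell value in the mapped attribute, or None if the entry lacks it."""
    attr = mapped_shell_attr(config_text)
    return {e["uid"]: e.get(attr) for e in parse_entries(ldif_text)}
```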