[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: restricting access to application?



At 08:26 AM 4/26/2004, Piotr Wadas wrote:
>Using 2.1.29/bdb 4.52/i386
>
>Is it possible with openldap to restrict using of particular application
>existing in the system? I keep accounts in LDAP including shell, password,
>and similar information, and I'd like to specify, that particular user
>can use some binaries or not (chmod of binary in ldap), or specify, that
>particular user can connect to local socket, e.g postgresql/mysql socket,
>or IP address of local machine? The last one is probably possible with
>some iptables scripts such as uif, which is able to read rulesets from
>LDAP, however it would be nice to force kernel to ask openldap for rules
>without such scripts.
>Do I expect from OpenLDAP too much? :) Is it some rather application-side
>or kernel-side problem?

Yes, Yes.