Re: openldap and service permissions
On Tue Feb 22 2005 at 08:36:49 CET, myren wrote:
> >>I'd like large grained control over my services like FTP & Samba.
> >>They're set up to use LDAP for user authentication. I'd like to be
> >>able to enable and disable services on a per user basis. Eventually
> >>I'd like to enable and disable on a per group basis as well.
...
> Can't you just add some attribute to the user schema for each service and
> check that? That doesn't seem all that heavily relational.
We have an attribute called `service' in each person's entry. This multi-
valued attribute type holds a word for each service (e.g.: 'ftp', 'samba',
'squid', etc.) and we modify (or simply configure) the server program to
query that attribute type, with a filter such as
(&(objectclass=person)(uid=jdoe)(service=ftp))
Has been doing the trick wonderfully for a number of services.
-JP
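
Added example, not part of the original message or the poster's configuration: a sketch of how a service could build the filter shown above from a login name, escaping the values per RFC 4515 so the name is always matched literally. The function names, the sample entries and the small local evaluator standing in for the LDAP server are constructed for illustration.

```python
import re

# RFC 4515 section 3: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ITEM = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=((?:[^()\\*]|\\[0-9A-Fa-f]{2})*)\)")

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def service_filter(uid, service):
    """Filter shape from the post, with both values escaped before insertion."""
    return "(&(objectclass=person)(uid=%s)(service=%s))" % (
        escape_filter_value(uid), escape_filter_value(service))

def _unescape(value):
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, flt):
    """Stand-in for the server: evaluates only (&(attr=value)...) equality filters."""
    if not (flt.startswith("(&") and flt.endswith(")")):
        raise ValueError("unsupported filter")
    body = flt[2:-1]
    items = _ITEM.findall(body)
    if "".join("(%s=%s)" % item for item in items) != body:
        raise ValueError("unsupported filter")
    for attr, value in items:
        # Case-insensitive comparison is an assumption about the matching rules.
        have = [v.lower() for v in entry.get(attr.lower(), [])]
        if _unescape(value).lower() not in have:
            return False
    return True

# Constructed sample entries using the multi-valued `service` attribute.
DIRECTORY = [
    {"objectclass": ["person"], "uid": ["jdoe"], "service": ["ftp", "samba"]},
    {"objectclass": ["person"], "uid": ["asmith"], "service": ["squid"]},
]

def is_allowed(uid, service):
    """True only if an entry matches the exact uid and carries the service word."""
    flt = service_filter(uid, service)
    return any(matches(entry, flt) for entry in DIRECTORY)
```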