On Monday 31 October 2005 09:12, Rik Herrin wrote:
> Hi,
> I was wondering if the following is doable using
> OpenLDAP. Is it possible for the server to obtain
> information and store it in an entry when the user
> authenticates against it? For example, when a user
> logs in, would it be possible to configure the
> OpenLDAP server to obtain things such as the IP and
> store them in one of the user's attributes? I wanted
> to do this so that I can integrate OpenLDAP with
> iptables or any other service (perhaps a proxy
> service). Thanks for your time.

Even if this were feasible (see Howard's reply), it probably wouldn't be the best idea (considering that most directory servers are read-optimised and logging authentication details would substantially increase the write load resulting in much lower read performance).

Now, if you are looking at applying firewall rules (or proxy server authentication) based on a user's identity as authenticated to your LDAP directory, you may want to take a look at http://www.nufw.org/ (and the squid module http://www.inl.fr/squid-nufw-helper.html).

Of course, further discussion of NuFW would most likely be off-topic for this list.

--
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)