Re: How to restrict the simultaneous login

[Pierangelo Masarati <ando@sys-net.it>]

Praveen Kumar wrote:
> Hi,
>
> I using the LDAP server for authentication and log into a machine.
>
> Now i want the user should not be allowed log into any machine, if it is
> already logged into one machine using that LDAP server for the login and
> authentication.
>
> Means that there should not be any simultaneous login for the same user. Is
> this possible using the LDAP or Not.

I don't think this belongs to LDAP (or to OpenLDAP).  In fact, LDAP can 
provide authentication services, but how, where and when a user is 
actually logged to what (a machine, an application or whatever) is a 
matter of system-wide resource access policy, which, with respect to a 
DSA, is an application (a client), although a user would probably see it 
as a server.  You could, of course, design a layer that keeps track of 
the fact that authentication requests came in for a given user and 
related to a given resource, and based on that, deny further access on a 
specific policy.  OpenLDAP supports this by letting you design and 
implement your own overlay to solve your specific problem.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------