Hi,
I sent this from my work email but it's not appeared in the mailing list, so I am trying it from my hotmail account to see if it's more successful. Newbie post, let me know if you need any other info, inside leg measurement, blood type etc.

I wanted to restrict users to logging onto specific hosts, i.e. to keep developers away from Production hosts etc. I managed to do this on thread http://www.linuxquestions.org/questi...-users-789466/ using Sun's SDSCC. We're now migrating to OpenLDAP and I need the same functionality.

I found the 'ismemberof' attribute does not appear to be part of the default schemas that come with Redhat 5.3 RPMs, OpenLDAP is V 2.3.43. I found an interesting article at http://forums.devshed.com/ldap-progr...te-191444.html on how to create your own schemas. So I created a file called /etc/openldap/schema/memberof.schema and put in the following text:

    # The isMemberOf attribute associated with an entity is a
    # collection of values each of which identifies a group to
    # which that entity belongs.
    attributetype ( 1.3.6.1.4.1.5923.1.5.1.1
        NAME 'isMemberOf'
        DESC 'identifiers for groups to which containing entity belongs'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

Then I added this schema to the slapd.conf and restarted ldap.

In the client, I've used the same 'ismemberof' line from my previous thread, so it says:

    nss_base_passwd ou=people,dc=ldn,dc=sw,dc=com?sub?isMemberOf=cn=access,ou=auth,dc=ldn,dc=sw,dc=com

Having tried MANY combinations of ?, ( and ) it won't work.

So, can anyone comment on my schema, is it right? Is it complete sh!te? Does the nss_passwd line need changing now I've moved to OpenLDAP? Comments on a postcard please.

BTW - I've been looking at LDAP books to cure my insomnia, and found http://www.amazon.co.uk/LDAP-Directo...2282151&sr=1-1. The books.google.com site had some useful pages from this book but the review on Amazon is not great.

TIA
Stuart.