Re: schema for NSS LDAP with not all accounts active

[Jeremy Lunn <jeremy@austux.net>]

On Fri, Mar 30, 2001 at 11:54:37PM +0300, Sami Haahtinen wrote:
> i'm currently implementing filter attribute for pam_ldap, which would allow you
> to add a custom filter for your pam module (filter=(service=telnet) would be
> quite effective..

Nice.

I was going to implement LDAP for someone but they seem to have lost
interest and they are just doing nothing depsite having 2 x flakey Red 
Hat 4.x machines at the core of their network (one does authentication
the other one does dialins).

But if they do go LDAP or if I am setting up something simular for
someone else then I would be looking at something like that.  But I'm
just curious how that would handle having multiple services.  Would it
just be a matter of having them deliminated with a comma or something?
Or would it be better to have an attribute for each service like
filter=(telnet=yes)?

-- 
Jeremy Lunn
Melbourne, Australia