
Re: schema for NSS LDAP with not all accounts active

On Fri, Mar 30, 2001 at 08:20:23PM -0500, Richard A Nelson wrote:
> > > i'm currently implementing filter attribute for pam_ldap, which would
> > > allow you to add a custom filter for your pam module
> > > (filter=(service=telnet) would be quite effective..
> >
> > Nice.
> Indeed

even though i slipped in a typo, it's a good thing you like it.. =)

> > Or would it be better to have an attribute for each service like
> > filter=(telnet=yes)?
> No... It looks like Sami is doing a real LDAP filter...  *VERY* powerful -
> gives you all the flexibility you'll likely need

true, as LDAP allows you to define multiple services, it's more useful if you
use an entry like

dn: uid=someone,ou=somewhere,o=somecompany,c=FI
uid: someone
objectclass: alltheusualones
service: ftp
service: imap
service: pop

this way it's more extendable, i'm sure that nobody wants to write a schema
that includes every possible service.

			      -< Sami Haahtinen >-
	    -< 2209 3C53 D0FB 041C F7B1  F908 A9B6 F730 B83D 761C >-

      | 'If you haven't backed up your files recently, you might        |
      |  want to back them up before installing Windows 98'             |
      |                           -- finnish windows 98 SE installation |
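
Added example, not part of the original message and not pam_ldap code: a sketch of how a per-service filter such as (service=imap) gates a login against the multi-valued `service` attribute of the entry above. The function names, the AND-composition with `uid`, and the tiny equality-only matcher are assumptions made for illustration.

```python
# Added illustration; not pam_ldap source. All function names are hypothetical.
import re

def escape_value(value):
    """Escape RFC 4515 special characters in an assertion value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in '\\*()\x00' else ch for ch in value
    )

def login_filter(user, service_filter):
    """AND the per-service filter with the uid lookup (assumed composition)."""
    return "(&(uid=%s)%s)" % (escape_value(user), service_filter)

def unescape_value(value):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, ldap_filter):
    """Evaluate a flat (&(attr=value)...) or a single (attr=value) filter.

    Only equality assertions are supported. An assertion is true when ANY
    value of the (possibly multi-valued) attribute equals the asserted one.
    """
    body = ldap_filter
    if body.startswith("(&") and body.endswith(")"):
        body = body[2:-1]
    terms = re.findall(r"\(([A-Za-z][\w-]*)=([^()*]*)\)", body)
    if not terms or "".join("(%s=%s)" % t for t in terms) != body:
        raise ValueError("unsupported filter: %r" % ldap_filter)
    for attr, value in terms:
        wanted = unescape_value(value).lower()
        if wanted not in [v.lower() for v in entry.get(attr.lower(), [])]:
            return False
    return True

# Constructed entry mirroring the one in the message.
ENTRY = {
    "uid": ["someone"],
    "objectclass": ["alltheusualones"],
    "service": ["ftp", "imap", "pop"],
}
```

With this entry, an imap or ftp login filter matches and a telnet one does not, without the schema needing one attribute per service.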
