On Fri, Mar 30, 2001 at 08:20:23PM -0500, Richard A Nelson wrote:
> > > i'm currently implementing filter attribute for pam_ldap, which would
> > > allow you to add a custom filter for your pam module
> > > (filter=(service=telnet) would be quite effective..
> >
> > Nice.
>
> Indeed
even though i slipped in a typo, it's a good thing you like it.. =)
> > Or would it be better to have an attribute for each service like
> > filter=(telnet=yes)?
>
> No... It looks like Sami is doing a real LDAP filter... *VERY* powerful -
> gives you all the flexibility you'll likely need
true, as LDAP allows you to define multiple services, it's more useful if you
use entry like
--Snip--
dn: uid=someone,ou=somewhere,o=somecompany,c=FI
uid: someone
objectclass: alltheusualones
service: ftp
service: imap
service: pop
--Snap--
this way it's more extendable, i'm sure that nobody wants to write a schema
that includes every possible service.
--
-< Sami Haahtinen >-
-< 2209 3C53 D0FB 041C F7B1 F908 A9B6 F730 B83D 761C >-
| 'If you haven't backed up your files recently, you might |
| want to back them up before installing Windows 98' |
| -- finnish windows 98 SE installation |
Attachment:
pgpK54jemliJr.pgp
Description: PGP signature