On Fri, Mar 30, 2001 at 08:20:23PM -0500, Richard A Nelson wrote: > > > i'm currently implementing filter attribute for pam_ldap, which would > > > allow you to add a custom filter for your pam module > > > (filter=(service=telnet) would be quite effective.. > > > > Nice. > > Indeed even though i slipped in a typo, it's a good thing you like it.. =) > > Or would it be better to have an attribute for each service like > > filter=(telnet=yes)? > > No... It looks like Sami is doing a real LDAP filter... *VERY* powerful - > gives you all the flexibility you'll likely need true, as LDAP allows you to define multiple services, it's more useful if you use entry like --Snip-- dn: uid=someone,ou=somewhere,o=somecompany,c=FI uid: someone objectclass: alltheusualones service: ftp service: imap service: pop --Snap-- this way it's more extendable, i'm sure that nobody wants to write a schema that includes every possible service. -- -< Sami Haahtinen >- -< 2209 3C53 D0FB 041C F7B1 F908 A9B6 F730 B83D 761C >- | 'If you haven't backed up your files recently, you might | | want to back them up before installing Windows 98' | | -- finnish windows 98 SE installation |
Attachment:
pgpK54jemliJr.pgp
Description: PGP signature