Re: LDAP for Services

On Mon, May 31, 2004 at 04:42:04PM -0400, matt f wrote:
> Hello,
> My question is as follows: How can I orchestrate my ldap database to 
> give users access to a limited domain of services?  If I want someone to 
> be able to use NFS and ProFTP, but not let them login, samba-in, or 
> email, is there anything I can do within the LDAP framework to make this 
> possible?

Do it with ldap filters.

Use different objectclass (ftpuser, sambasamaccount)


Use a multi-valued attribute (allowedservices) and put in some magic
words like (ftp, samba, mail, ...)

Then in each app, customize the LDAP filter to match this attribute or
the corresponding OC, depending on your schema.

That's the way I did it for some ldap architectures.

But...it was without sso like kerberos, only ldap auth.

Emmanuel Lacour ------------------------------------ Easter-eggs
44-46 rue de l'Ouest  -  75014 Paris   -   France -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37    -     Fax: +33 (0) 1 41 35 00 76
mailto:elacour@easter-eggs.com   -    http://www.easter-eggs.com
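
The per-application filter on the multi-valued allowedservices attribute described above, as an added example that is not part of the original message. It assumes uid is the login attribute; the helper names, the sample entries and the small local matcher standing in for the directory server are all constructed for illustration. The login name is escaped per RFC 4515 before it goes into the filter, so a value such as "*" cannot widen the match.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
CLAUSE = re.compile(r"\(([A-Za-z][\w-]*)=([^()]*)\)")

def escape_filter_value(value):
    """Escape a value so a login name cannot change the filter's structure."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def service_filter(service, login):
    """Filter one application would be configured with (hypothetical helper)."""
    return "(&(uid=%s)(allowedservices=%s))" % (
        escape_filter_value(login), escape_filter_value(service))

def unescape(value):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, ldap_filter):
    """Local stand-in for the server: evaluates an AND of equality clauses.
    A bare '*' is a presence test, as in a real LDAP filter."""
    for attr, raw in CLAUSE.findall(ldap_filter):
        values = [v.lower() for v in entry.get(attr.lower(), [])]
        if raw == "*":
            if not values:
                return False
        elif unescape(raw).lower() not in values:
            return False
    return True

def authorized(directory, service, login):
    """DNs selected by the service's filter for this login."""
    flt = service_filter(service, login)
    return [dn for dn, entry in directory.items() if matches(entry, flt)]

# Constructed sample entries (not from a real directory).
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=org":
        {"uid": ["alice"], "allowedservices": ["ftp", "nfs"]},
    "uid=bob,ou=people,dc=example,dc=org":
        {"uid": ["bob"], "allowedservices": ["ftp", "samba", "mail", "login"]},
}

if __name__ == "__main__":
    for svc in ("ftp", "nfs", "samba", "mail", "login"):
        print(svc, service_filter(svc, "alice"), authorized(DIRECTORY, svc, "alice"))
```

Each application gets its own service word in its filter, so an entry that lacks the word is simply not found by that application's search and the bind never happens.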