
Re: nss-ldap and different shells?



On Monday 23 February 2004 06:51 pm, Kirk Strauser wrote:
> Sorry for the strange subject, but I wasn't sure how to make this question
> pithy.
>
> I have several hosts that authenticate off the same OpenLDAP server using
> nss-ldap and pam-ldap.  The problem is that not every shell that users may
> want is installed on every single host.  Some of the hosts aren't
> Linux-based, and have the shells in various directories other than /bin.
>
> Short of installing every shell on every host and coming up with a
> canonical list of paths (which is a highly unpleasant prospect when looking
> at networks with lots of machines from different vendors), is there a way
> to get nss_ldap to "rewrite" the 'loginShell' attribute returned by the
> LDAP server to something reasonable on the local server?
>
> For example, if the user's configured shell is /bin/bash, and bash lives in
> /usr/local/bin/bash on the local system, then I'd like a re-writing rule
> similar to:
>
>     map loginShells: /bin/bash => /usr/local/bin/bash
>
> Likewise, if the user wants /bin/zsh, but it isn't installed, then I'd like
> to substitute bash with a rule like:
>
>     map loginShells: /bin/zsh => /bin/bash
>
> Even better would be an "alternatives-like" list that could be shared
> across machines, like:
>
>     when loginShells == /bin/bash try:
>         /bin/bash
>         /usr/local/bin/bash
>         /bin/sh
>
>     when loginShells == /bin/zsh try:
>         /bin/zsh
>         /usr/local/bin/zsh
>         /usr/ksh
>         /usr/local/bin/ksh
>         /bin/sh
>
> so that, given a particular value of 'loginShells', the first available
> entry is executed.  I'm reasonably sure that this ideal solution doesn't
> exist, but I've been pleasantly surprised before.
>
> How have people in this situation managed this problem?

Check out this link:

www.cit.gu.edu.au/~anthony/info/apps/LDAP_unix.notes

John
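Added example, not from this thread and not a feature of nss_ldap or pam_ldap: a small Python resolver for the fallback-list idea in Kirk's question. It parses the `when loginShells == <path> try:` format he sketches, then returns the first candidate that is both listed in /etc/shells and executable on the local host, so a mapping can never hand a login an arbitrary binary the administrator did not sanction. The file format, the function names, the sample map and the sample /etc/shells content are all assumptions constructed for the example; the real /etc/shells is read only when the script is run directly.

```python
"""Resolve an LDAP loginShell value to a shell that exists on this host.

Hypothetical helper (not an nss_ldap feature): parses a fallback list in the
format sketched in the question and returns the first candidate that is both
listed in /etc/shells and executable locally.
"""
import os

# Constructed sample in the "when loginShells == X try:" format from the question.
SAMPLE_MAP = """\
when loginShells == /bin/bash try:
    /bin/bash
    /usr/local/bin/bash
    /bin/sh

when loginShells == /bin/zsh try:
    /bin/zsh
    /usr/local/bin/zsh
    /usr/ksh
    /usr/local/bin/ksh
    /bin/sh
"""

# Constructed stand-in for /etc/shells on the local host.
SAMPLE_ETC_SHELLS = """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/local/bin/bash
/bin/zsh
"""


def parse_shell_map(text):
    """Parse 'when loginShells == <path> try:' blocks into {path: [candidates]}."""
    mapping = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("when "):
            parts = line.split()
            if (len(parts) != 5 or parts[1] != "loginShells"
                    or parts[2] != "==" or parts[4] != "try:"):
                raise ValueError(f"line {lineno}: malformed rule: {raw!r}")
            current = parts[3]
            mapping.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line {lineno}: candidate before any 'when' rule")
        elif not line.startswith("/"):
            # A relative path would depend on the working directory at login time.
            raise ValueError(f"line {lineno}: candidate must be absolute: {raw!r}")
        else:
            mapping[current].append(line)
    return mapping


def parse_etc_shells(text):
    """Return the set of shells an administrator has sanctioned in /etc/shells."""
    return {l.strip() for l in text.splitlines()
            if l.strip() and not l.strip().startswith("#")}


def executable_on_host(path):
    """Default probe: regular file with execute permission on this machine."""
    return os.path.isfile(path) and os.access(path, os.X_OK)


def resolve_login_shell(requested, mapping, allowed, probe=executable_on_host):
    """Pick the first candidate for `requested` that is allowed and present.

    An unmapped value is tried as-is, subject to the same two checks.  Returns
    None when nothing qualifies so the caller can deny the login (or hand out
    /sbin/nologin) instead of silently executing an unsanctioned binary.
    """
    for candidate in mapping.get(requested, [requested]):
        if candidate in allowed and probe(candidate):
            return candidate
    return None


if __name__ == "__main__":
    shell_map = parse_shell_map(SAMPLE_MAP)
    try:
        with open("/etc/shells") as fh:
            allowed = parse_etc_shells(fh.read())
    except OSError:
        allowed = parse_etc_shells(SAMPLE_ETC_SHELLS)
    for wanted in ("/bin/bash", "/bin/zsh"):
        print(wanted, "->", resolve_login_shell(wanted, shell_map, allowed))
```

The probe is injectable so the resolution logic can be exercised without the shells actually being installed. The two checks are deliberately independent: a binary that exists but is missing from /etc/shells is skipped, and a sanctioned shell that is absent on this host falls through to the next candidate, which is the "first available entry" behaviour the question asks for.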


