[Fwd: Re: Using LDAP for authentication]

[Jim C <jcllings@tsunamicomm.net>]

-------- Original Message --------
Subject: Re: Using LDAP for authentication
Date: Wed, 04 Sep 2002 14:00:20 -0700
From: Jim C <jcllings@tsunamicomm.net>
To: "Derek J. Balling" <dredd@megacity.org>
References: <23EB6510-C027-11D6-A0A7-00039384A830@megacity.org>

> Perhaps this isn't the right forum (I couldn't connect to the archives
> to peruse them first). If not, my apologies and if someone could point
> me to the right spot, I'd appreciate it.
>
> I want to authenticate a bunch of machines against the LDAP server.
> That's easy. :-)
>
> What's more interesting are:
>

> 1.) Can I set it up so that a given uid is only valid on certain hosts?


Yes.  There are provisions for this in at least one FAQ I know of.


> 2.) Can I set it up so that a given uid might have, say, /bin/bash as a
> shell on host1, and /bin/false as a shell on host2?


mmmm it might be done but I am not sure how.  It would help to have a
solid understanding of how the DBMS for an object orientated database
functions and I am lacking in this as yet.


> 3.) Similarly, can I set up different homedirs? (on our production
> environment users have shared home directories depending on what they
> do, billing, order-entry, etc.)

You could manage this through the creation of different shares.
For example:

export:
/home/production/$userdir/
and:
/home/billing/$userdir/

Then just change the attribute for directory to match.  Reccomend GQ for
this.