[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: restricting access to application?

To: Piotr Wadas <pwadas@jewish.org.pl>
Subject: Re: restricting access to application?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 28 Apr 2004 13:50:19 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <Pine.LNX.4.58.0404261719310.27056@kehillah.jewish.org.pl>
References: <Pine.LNX.4.58.0404261719310.27056@kehillah.jewish.org.pl>

At 08:26 AM 4/26/2004, Piotr Wadas wrote:
>Using 2.1.29/bdb 4.52/i386
>
>Is it possible with openldap to restrict using of particular application
>existing in the system? I keep accounts in LDAP including shell, password,
>and similar information, and I'd like to specify, that particular user
>can use some binaries or not (chmod of binary in ldap), or specify, that
>particular user can connect to local socket, e.g postgresql/mysql socket,
>or IP address of local machine? The last one is probably possible with
>some iptables scripts such as uif, which is able to read rulesets from
>LDAP, however it would be nice to force kernel to ask openldap for rules
>without such scripts.
>Do I expect from OpenLDAP too much? :) Is it some rather application-side
>or kernel-side problem?

Yes, Yes.

References:
- restricting access to application?
  - From: Piotr Wadas <pwadas@jewish.org.pl>

Prev by Date: Re: Special Characters in sn, cn, and gecos attributes
Next by Date: RE: multiple attribute search with single return slowness
Index(es):
- Chronological
- Thread