[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP Hooks and Integration

To: Rik Herrin <rikherrin@yahoo.com>
Subject: Re: OpenLDAP Hooks and Integration
From: Pierangelo Masarati <ando@sys-net.it>
Date: Mon, 31 Oct 2005 11:14:11 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20051031071211.72677.qmail@web52913.mail.yahoo.com>
References: <20051031071211.72677.qmail@web52913.mail.yahoo.com>

On Sun, 2005-10-30 at 23:12 -0800, Rik Herrin wrote:
> Hi,
>   I was wondering if the following is doable using
> OpenLDAP.  Is it possible for the server to obtain
> information and store it in an entry when the user
> authenticates against it?  For example, when a user
> logs in, would it be possible to configure the
> OpenLDAP server to obtain things such as the IP and
> store them in one of the user's attributes?  I wanted
> to do this so that I can integrate OpenLDAP with
> iptables or any other service (perhaps a proxy
> service).  Thanks for your time.

Not with stock OpenLDAP, of course.  What you are asking seems to be
rather application-specific.  You could write an overlay that handles
the response after a (successful) bind in order to store in the
directory the information you need, provided it is available.
Typically, the IP is available from the connection structure, but I
don't much see the need of storing it into the directory, since the
connection-related info will remain the same throughout the life of the
connection, unless you need that info to be persistent.

Note that in case you need that info outside slapd, you can query the
monitor backend (provided you can somehow identify the connection in
order to look it up).  For example (OL 2.3):

$ ldapsearch -x -H ldap://:9011 -b cn=connections,cn=monitor
@extensibleobject
<... snip>
# Connection 0, Connections, Monitor
dn: cn=Connection 0,cn=Connections,cn=Monitor
objectClass: monitorConnection
structuralObjectClass: monitorConnection
cn: Connection 0
monitorConnectionNumber: 0
monitorConnectionProtocol: 3
monitorConnectionOpsReceived: 1
monitorConnectionOpsExecuting: 0
monitorConnectionOpsPending: 0
monitorConnectionOpsCompleted: 1
monitorConnectionGet: 1
monitorConnectionRead: 1
monitorConnectionWrite: 0
monitorConnectionMask: r
monitorConnectionAuthzDN: cn=Manager,dc=example,dc=com
monitorConnectionListener: ldap://:9011
monitorConnectionPeerDomain: unknown
monitorConnectionLocalAddress: IP=127.0.0.1:32822
monitorConnectionPeerAddress: IP=0.0.0.0:9011
monitorConnectionStartTime: 20051031101050Z
monitorConnectionActivityTime: 20051031101050Z
creatorsName:
modifiersName:
createTimestamp: 20051031101050Z
modifyTimestamp: 20051031101050Z
entryDN: cn=Connection 0,cn=Connections,cn=Monitor
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
<... snip>

p.



    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- OpenLDAP Hooks and Integration
  - From: Rik Herrin <rikherrin@yahoo.com>

Prev by Date: Re: OpenLDAP Hooks and Integration
Next by Date: Re: Corrupt LDAP DB ... ans 2.3.11 syncrepl
Index(es):
- Chronological
- Thread