[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL

To: Craig Hancock <chancock@bsd.uchicago.edu>
Subject: Re: ACL
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 02 Jan 2001 20:49:06 -0800
Cc: openldap-general <openldap-general@OpenLDAP.org>
In-reply-to: <3A52A9D5.D7023B36@bsd.uchicago.edu>

At 10:25 PM 1/2/01 -0600, Craig Hancock wrote:
>If you have a machine that authenticates many machines via ldap is there a way
>to only allo certain users to access certain machines?

Assuming each machine uses a different LDAP authentication
identity, one could establish ACLs to govern which "account"
entries were visable to the machine.  Some servers, including
OpenLDAP's, support data dependent ACLs (such as use of a
filter).  Or, alternatively, you could just alter the filter
the machine authentication client uses to match "account"
entries.  In either case, you need to have some attribute
value assertion to which can be used to distinguished
which users can access a particular machine.

Kurt

References:
- ACL
  - From: Craig Hancock <chancock@bsd.uchicago.edu>

Prev by Date: ACL
Next by Date: Apache Userdir from LDAP?
Index(es):
- Chronological
- Thread