[Date Prev][Date Next] [Chronological] [Thread] [Top]

Using OpenLDAP with multiple servers to authenticate

Hey all,

I am currently using openldap for authenticating users
on multiple servers.  Some users are allowed access on
all the servers and some are allowed access to only on
a few.  My question is what is the best way to set up
the authentication process to check which server they
are trying to login to and if they are allowed to
logon to that server.

I could setup a directory like this....
       /              \
    Server1             Server2
   /      \            /      \   
 UID=joe  UID=fred    UID=joe  UID=sue
However then I have copies of the same user all over
the directory.  

Perhaps a better way is like this...

	/	        	    \
      USERS                      SERVERS
  /      |      \               /        \
UID=joe  UID=Sue  UID=fred   SERVER1     SERVER2
                           /    	    \
			MEMBER: joe      MEMBER: joe
			MEMBER: fred     MEMBER: sue

Is there a way for me to use groups and include the
users as members of each group?  This way I could
authenticate the user and THEN check for authorization
by checking to see if the user is a member of that
server group.  Is this possible?  I know there are
perl scripts to check for group membership but where
would I put this script during the authorization

Thanks for your time


Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger