RE: Using LDAP for authentication
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Derek J. Balling
> Perhaps this isn't the right forum (I couldn't connect to the archives
> to peruse them first). If not, my apologies and if someone could point
> me to the right spot, I'd appreciate it.
> I want to authenticate a bunch of machines against the LDAP server.
> That's easy. :-)
> What's more interesting are:
> 1.) Can I set it up so that a given uid is only valid on certain hosts?
> 2.) Can I set it up so that a given uid might have, say, /bin/bash as a
> shell on host1, and /bin/false as a shell on host2?
> 3.) Similarly, can I set up different homedirs? (on our production
> environment users have shared home directories depending on what they
> do, billing, order-entry, etc.)
LDAP is, at heart, a data retrieval mechanism. You can store whatever
attributes you want with whatever values you want. What you do with that data
is a separate question. In this case, it seems to be a question for pam_ldap.
pam_ldap supports (1) for sure; I haven't looked at whether it handles (2) or
(3). Try the pam_ldap mailing list @ padl.com.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support