
Re: Creating "dynamically configured" directories on a per-user basis



"Sebastian J. Bronner" <waschtl@sbronner.com> writes:

> I want to offer an addressbook-service for the users of my system similar to
> what IMAP does for email:
[...]
> So, I want to have another special directory in users' home directories 
> (perhaps named LDAPdir) which will hold the database files for their 
> addressbook.  I currently have an LDAP namespace that looks like:
>
> dc=sbronner,dc=com
> 	ou=groups
> 		gid=...
> 	ou=users
> 		uid=...
>
> stored in /usr/var/openldap.  The users' addressbooks would be added to the 
> namespace as follows:
>
> uid=john,ou=users,dc=sbronner,dc=com
> 	ou=addressbook
> 		cn=...
>
> This requires that I configure in /etc/openldap/slapd.conf access to each
> user's directory by the corresponding user.  Now, this is where the dynamic
> comes in: I don't want to put an entry for each user in this file, but rather 
> some sort of formula that would tell slapd to allow john access to the 
> directory in /home/john/LDAPdir.

What you are aiming at is a sort of distributed directory database. If
you really want this, and think about it twice, you have to create a
new database directive in slapd.conf for all your addressbooks, with
'access by self write' and authentication by a SASL mechanism which
uses the getpwent() function.

-Dieter    

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour
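
Added example, not part of the original thread and not either poster's configuration: one way to express the per-user "formula" from the question as a single slapd.conf access rule, combined with a SASL identity mapping. It assumes OpenLDAP 2.2 or later (for `authz-regexp` and `dn.exact,expand`) and that all address books are stored in the one database that serves dc=sbronner,dc=com; the final `access to *` rule is a constructed placeholder.

```conf
# Global section: map a SASL identity such as
#   uid=john,cn=digest-md5,cn=auth
# onto the user's entry in the tree described in the original post.
authz-regexp
    uid=([^,]+),cn=[^,]+,cn=auth
    uid=$1,ou=users,dc=sbronner,dc=com

# The rules below belong inside the database section whose suffix is
# dc=sbronner,dc=com.

# One rule covers every user. The target pattern matches
#   ou=addressbook,uid=<name>,ou=users,dc=sbronner,dc=com
# and every entry beneath it. $2 is the owner's DN captured from the
# target DN, so only that owner gets write access; everyone else,
# including other authenticated users, gets nothing.
access to dn.regex="^(.+,)?ou=addressbook,(uid=[^,]+,ou=users,dc=sbronner,dc=com)$"
    by dn.exact,expand="$2" write
    by * none

# Constructed placeholder for the rest of the tree. slapd stops at the
# first "access to" clause that matches the target, so the address book
# rule must stay above this one. "by self write" here is also what lets
# a user create ou=addressbook beneath their own entry.
access to *
    by self write
    by anonymous auth
    by * read
```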