I've used a lot ldap with samba to create multiple pdc. Now I want to use ldap for all my services. Let's suppose you've got a server with ssh, apache, proftpd, postfix, an imap server, a webmail and squid. Every user will have got the possibility of using the mailservices, I've read the documentation for it and I know how to do it. But I don't want that every user of the mailservices can even use ssh, ftp and so on. So I'd like to know if there's a way to store in ldap the information about the possibility of logging in with ssh, upload files with proftpd, use the proxy, accessing parte of the websites using an autetication system with apache. The documentation of proftpd says that it can connect with an ldap server but I cannot find a way to limit the access to the only autorizated users. For squid, ssh and apache I don't have got any idea. The only possible solution I've found is that if I use pam to autenticate my users I just can put something like this in the configuration files: auth required pam_ldap.so filter=(uid=*a*) So I could add some fields to my users like UserCanLogin, UserCanDoFtp, UserCanUseProxy and then filter them upon their values. But in this case I still have got a trouble: should I write a schema on my own to get these entries or does anyone of you know if there's something already done? Thank you. -- Non c'è più forza nella normalità, c'è solo monotonia.
Attachment:
signature.asc
Description: Digital signature