[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Remapping user info per-system?

While slapd(8) provides some data rewriting capabilities (see back-meta/ldap),
I don't believe slapd(8) has any specific mechanism to support per-client
rewriting.  (Note: Discussion of these capabilities is on-topic.)

Generally this kind of stuff is handled on the client side.  That is,
instead of bothering the directory as to the per-client location of
a shell, just communicate which shell is desired and have the client
locate it.  I'm not aware of clients doing this kind of locating for
shell information, but there is no reason why they couldn't.  Suggest
you work with the developers of the clients you are using to add
such capabilities.  (Note: discussion of these capabilities is
off-topic here.)


At 02:49 PM 2/23/2004, Kirk Strauser wrote:
>At 2004-02-23T19:17:10Z, Tony Earnshaw <tonye@billy.demon.nl> writes:
>> Let's take that right back to "proof of concept". If a Posix UID logs in,
>> he usually gets confronted with a .profile, right? That .profile he has to
>> go through to be able to log in.
>> Now the great test: Can you adapt that .profile to do what you want? I
>> can.
>So, you're suggesting that I set everyone's shell to /bin/sh and use their
>.profile to locate and execute their real preferred shell?  That's an
>interesting idea that I hadn't considered.
>> With apologies to the denizens for the fact that this has *nothing* to do
>> with Openldap and has not been cross-posted to any other list, on which it
>> better can be answered.
>I take exception to that.  OpenLDAP is the application that serves this
>information to client machines.  Althought my knowledge of LDAP is far from
>encyclopedic, I'm unaware of any standardized, portable mechanism for doing
>this sort of thing.  Therefore, I was asking if the OpenLDAP server on my
>system was had this functionality, and if so, what is was called so that I
>could do further research on my own.  This seemed to fit the charter of this
>mailing list exactly, so I posted it here.  If I was wrong, I apologize, but
>I don't see how asking an OpenLDAP-specific question on the mailing list
>meant for OpenLDAP-specific questions was incorrect.
>Kirk Strauser
>In Googlis non est, ergo non est.