
Re: Remapping user info per-system?

We used attribute mapping to use different shells on different hosts.

This is a subset of the data for each account in LDAP:

objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shells
loginShell: /bin/bash
muddlab: /usr/etc/other
backend: /usr/etc/other
pinex: /opt/local/bin/pine
public: /bin/bash

shells is a custom objectclass (from our own schema) which allows us to add on various other shells (namely muddlab, backend, pinex, public) which are also defined in our schema.

On Sun machines (5.9)
edit /var/ldap/ldap_client_file
and add

NS_LDAP_ATTRIBUTEMAP= passwd:loginShell=public

then anyone logging onto that host will get the public shell

On Debian
edit /etc/libnss-ldap.conf
and add
nss_map_attribute loginShell pinex

and anyone logging onto that host will get pinex.

We found this worked well for our needs.

I know this response doesn't have much to do with OpenLDAP,
but I thought if someone was searching the archive it would be
easiest if they could read the reply instead of re-asking.



Medievalist wrote:

I think you can control the mapping of LDAP attribute entities to different host items in the nss_ldap configuration file. It'll probably be something along the lines of "nss_map_attribute" and you should be able to use separate shell specifications on a host-specific basis.

On HP-UX, mapping of LDAP attributes to rfc2307 items is actually done from within the LDAP database itself, but on linux/BSD I'm pretty sure it's in nss_ldap's configuration file... so, as others have requested, you ought to take this question to the nss_ldap list where I am sure the answer would be useful to others.

Don't forget to get your own OID if you need to set up some custom schema for this.
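
Added example, not part of the original thread: a small audit helper that reads either mapping line shown above (NS_LDAP_ATTRIBUTEMAP or nss_map_attribute), works out which attribute a host reads for loginShell, and lists accounts whose entry lacks that attribute or whose resulting shell is not on the host's allowed list. The uid "jdoe", the allowed-shell sets and all function names are assumptions made for illustration; the entry values are copied from the post.

```python
import re

# Constructed sample data modelled on the entry in the post (uid is made up).
SAMPLE_ENTRY = {
    "uid": "jdoe",
    "loginShell": "/bin/bash",
    "muddlab": "/usr/etc/other",
    "backend": "/usr/etc/other",
    "pinex": "/opt/local/bin/pine",
    "public": "/bin/bash",
}
SOLARIS_CONF = "NS_LDAP_ATTRIBUTEMAP= passwd:loginShell=public\n"
DEBIAN_CONF = "# constructed file\nnss_map_attribute loginShell pinex\n"

SOLARIS_RE = re.compile(r"^NS_LDAP_ATTRIBUTEMAP\s*=\s*passwd:([\w-]+)=([\w-]+)\s*$")
NSS_RE = re.compile(r"^nss_map_attribute\s+([\w-]+)\s+([\w-]+)\s*$")


def parse_attribute_map(conf_text):
    """Return {rfc2307_attribute_lowercased: mapped_attribute} from either style."""
    mapping = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SOLARIS_RE.match(line) or NSS_RE.match(line)
        if m:
            mapping[m.group(1).lower()] = m.group(2)
    return mapping


def effective_shell(entry, mapping):
    """Return (attribute_read, shell); shell is None if the entry lacks it."""
    attr = mapping.get("loginshell", "loginShell")
    lowered = {k.lower(): v for k, v in entry.items()}  # attribute names are case-insensitive
    return attr, lowered.get(attr.lower())


def audit(entries, conf_text, allowed_shells):
    """List (uid, attribute, shell, problem) for accounts that need review."""
    mapping = parse_attribute_map(conf_text)
    findings = []
    for entry in entries:
        attr, shell = effective_shell(entry, mapping)
        if shell is None:
            findings.append((entry["uid"], attr, None, "mapped attribute missing"))
        elif shell not in allowed_shells:
            findings.append((entry["uid"], attr, shell, "shell not allowed on host"))
    return findings
```

Feed it the entries exported from the directory and the host's client configuration file; an empty result means every account resolves to a shell that host is meant to offer.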