[Date Prev][Date Next] [Chronological] [Thread] [Top]

restricting access to application?

Using 2.1.29/bdb 4.52/i386

Is it possible with openldap to restrict using of particular application
existing in the system? I keep accounts in LDAP including shell, password,
and similar information, and I'd like to specify, that particular user
can use some binaries or not (chmod of binary in ldap), or specify, that
particular user can connect to local socket, e.g postgresql/mysql socket,
or IP address of local machine? The last one is probably possible with
some iptables scripts such as uif, which is able to read rulesets from
LDAP, however it would be nice to force kernel to ask openldap for rules
without such scripts.
Do I expect from OpenLDAP too much? :) Is it some rather application-side
or kernel-side problem?