[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: auth trigger

SUBREDU Manuel wrote:

Hash: SHA1

~ Hi,

~ anyone knows if openldap can execute some external scripts when an user
is authenticated ?

~ I have the following setup. 14 buildings with ~= 100 computers in each
building. I want to store all the users for those computers in OpenLDAP
. When a user needs internet access, he will authenticated against the
ldap server using pgina (http://pgina.xpasystems.com/). When the user
has been authenticated by the OpenLDAP server, I want to modify the
firewall so that the user can have internet access. So, if the OpenLDAP
server can trigger some events and execute external scripts it will be
excelent :)
~ In the case that my question doesn't have an answer, can anyone suggest
an alternative solution ? Maybe something you have implemented somewhere :)
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

You may write your own overlay or slapi plugin (>= 2.2 only). See servers/slapd/overlays/backover.txt for an overview, and stuff in servers/slapd/overlays/ as guidelines. Another option, though definitely less performing, is to wrap your operations in an instance of back-perl/back-shell, whatever is your favourite scripting language. In this case, all operations should be simply passed thru, while the script invocation can be injected in the bind operation, if successful. Of course, you need to hide the real DSA behind a fake DSA that does all the scripting.


SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497