Re: auth trigger

[Pierangelo Masarati <ando@sys-net.it>]

SUBREDU Manuel wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> ~ Hi,
>
> ~ anyone knows if openldap can execute some external scripts when an user
> is authenticated ?
>
> ~ I have the following setup. 14 buildings with ~= 100 computers in each
> building. I want to store all the users for those computers in OpenLDAP
> . When a user needs internet access, he will authenticated against the
> ldap server using pgina (http://pgina.xpasystems.com/). When the user
> has been authenticated by the OpenLDAP server, I want to modify the
> firewall so that the user can have internet access. So, if the OpenLDAP
> server can trigger some events and execute external scripts it will be
> excelent :)
> ~ In the case that my question doesn't have an answer, can anyone suggest
> an alternative solution ? Maybe something you have implemented 
> somewhere  :)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

You may write your own overlay or slapi plugin (>= 2.2 only).  See 
servers/slapd/overlays/backover.txt for an overview, and stuff in 
servers/slapd/overlays/ as guidelines.  Another option, though 
definitely less performing, is to wrap your operations in an instance of 
back-perl/back-shell, whatever is your favourite scripting language.  In 
this case, all operations should be simply passed thru, while the script 
invocation can be injected in the bind operation, if successful.  Of 
course, you need to hide the real DSA behind a fake DSA that does all 
the scripting.

p.




   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497