[Date Prev][Date Next]
Re: openldap and service permissions
On Tue Feb 22 2005 at 08:36:49 CET, myren wrote:
> >>I'd like large grained control over my services like FTP & Samba.
> >>They're set up to use LDAP for user authentication. I'd like to be
> >>able to enable and disable services on a per user basis. Eventually
> >>I'd like to enable and disable on a per group basis as well.
> Cant you just add some attribute to the user schema for each service and
> check that? That doesnt seem all that heavily relational.
We have an attribute called `service' in each person's entry. This multi-
valued attribute type holds a word for each service (e.g.: 'ftp', 'samba',
'squid', etc.) and we modify (or simply configure) the server program to
query that attribute type, with a filter such as
Has been doing the trick wonderfully for a number of services.