Re: OpenLDAP Hooks and Integration
Rik Herrin wrote:
> I was wondering if the following is doable using
> OpenLDAP. Is it possible for the server to obtain
> information and store it in an entry when the user
> authenticates against it?
Your question is poorly specified, which indicates that your objective
is poorly conceived and you really have no idea what you're asking for.
Using my psychic abilities I'm going to do your thinking for you and
take a stab at answering anyway.
> For example, when a user
> logs in, would it be possible to configure the
> OpenLDAP server to obtain things such as the IP and
> store them in one of the user's attributes? I wanted
> to do this so that I can integrate OpenLDAP with
> iptables or any other service (perhaps a proxy
> service). Thanks for your time.
Since you are talking about iptables it appears you're interested in
what happens after a user logs into a Linux system. The fact that LDAP
is used to verify the user's authentication to Linux is incidental. In
this scenario, what you're looking for is purely an application-level
concern. I.e., the module that performs the Linux authentication using
LDAP should be responsible for squirreling away whatever other
information you're interested in maintaining. Note that in this scenario
it is impossible for the LDAP server to *gather* any useful information
about the *user's* IP address; the only thing the LDAP server sees is
the IP address of the Linux machine requesting the authentication. Only
the Linux machine knows the actual IP address of the user. Also, even if
the LDAP server could somehow divine the necessary information about the
user, the information is of no value to the LDAP server itself. It is up
to your application-side code to query the attributes anyway. So all of
the development required to implement this feature you desire rests on
the application side.
When you take the time to think through the actual flow of information
and steps needed to process it, it's all pretty obvious. No need to wonder.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
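
The application-side approach described in the reply above, as an added example that is not part of the original message or of OpenLDAP: a hook run by pam_exec on the Linux machine, which is the only party that knows the user's address (pam_exec exports it as PAM_RHOST), writes that address to the user's entry. The base DN, the attribute name `loginHost`, and the ldapi/EXTERNAL bind are assumptions; the values are validated before they go into the LDIF so a crafted host or user string cannot add extra LDIF lines or alter the DN.

```shell
#!/bin/sh
# Hypothetical pam_exec hook: store the remote host of a login in the user's
# LDAP entry. pam_exec exports PAM_USER, PAM_RHOST and PAM_TYPE to the script.
# Assumed, not from the original message: BASE_DN, the attribute "loginHost"
# (the server schema would have to define it), and the bind method below.

BASE_DN="ou=people,dc=example,dc=com"   # assumed directory layout
ATTR="loginHost"                        # hypothetical attribute name

# Accept only conservative account names, so the value is safe inside a DN
# (no commas, plus signs, equals signs or whitespace).
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Accept only characters found in IP literals and hostnames. This rejects
# newlines, which would otherwise let the value inject further LDIF lines.
# The first character must be alphanumeric because an LDIF value starting
# with ':', '<' or a space needs base64 encoding (so "::1" is skipped here).
valid_host() {
    case "$1" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print an LDIF modify record for user $1 and host $2; fail with no output
# if either value does not pass validation.
build_ldif() {
    valid_user "$1" || return 1
    valid_host "$2" || return 1
    printf 'dn: uid=%s,%s\nchangetype: modify\nreplace: %s\n%s: %s\n' \
        "$1" "$BASE_DN" "$ATTR" "$ATTR" "$2"
}

# Entry point for PAM, e.g. "session optional pam_exec.so /path/to/this/hook".
# Local logins have no PAM_RHOST; they are skipped without failing the login.
record_login() {
    [ "${PAM_TYPE:-}" = "open_session" ] || return 0
    ldif=$(build_ldif "${PAM_USER:-}" "${PAM_RHOST:-}") || return 0
    printf '%s\n' "$ldif" | ldapmodify -Q -Y EXTERNAL -H ldapi:/// >/dev/null
}

# Act only when invoked by pam_exec (PAM_TYPE is set), not when sourced.
if [ -n "${PAM_TYPE:-}" ]; then
    record_login
fi
```

A consumer such as a firewall or proxy helper would then read the attribute back with an ordinary search; as the reply notes, that query is also application-side work.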