
Re: OpenLDAP Hooks and Integration

On Monday 31 October 2005 09:12, Rik Herrin wrote:
> Hi,
>   I was wondering if the following is doable using
> OpenLDAP.  Is it possible for the server to obtain
> information and store it in an entry when the user
> authenticates against it?  For example, when a user
> logs in, would it be possible to configure the
> OpenLDAP server to obtain things such as the IP and
> store them in one of the user's attributes?  I wanted
> to do this so that I can integrate OpenLDAP with
> iptables or any other service (perhaps a proxy
> service).  Thanks for your time.

Even if this were feasible (see Howard's reply), it probably wouldn't be the 
best idea (considering that most directory servers are read-optimised and 
logging authentication details would substantially increase the write load 
resulting in much lower read performance).

Now, if you are looking at applying firewall rules (or proxy server 
authentication) based on a user's identity as authenticated to your LDAP 
directory, you may want to take a look at http://www.nufw.org/ (and the squid 
module http://www.inl.fr/squid-nufw-helper.html).

Of course, further discussion of NuFW would most likely be off-topic for this 

Buchan Milne
ISP Systems Specialist
