[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to restrict the simultaneous login



Praveen Kumar wrote:
Hi,

I using the LDAP server for authentication and log into a machine.

Now i want the user should not be allowed log into any machine, if it is
already logged into one machine using that LDAP server for the login and
authentication.

Means that there should not be any simultaneous login for the same user. Is
this possible using the LDAP or Not.

I don't think this belongs to LDAP (or to OpenLDAP). In fact, LDAP can provide authentication services, but how, where and when a user is actually logged to what (a machine, an application or whatever) is a matter of system-wide resource access policy, which, with respect to a DSA, is an application (a client), although a user would probably see it as a server. You could, of course, design a layer that keeps track of the fact that authentication requests came in for a given user and related to a given resource, and based on that, deny further access on a specific policy. OpenLDAP supports this by letting you design and implement your own overlay to solve your specific problem.


p.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------