[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Howto setup OpenLDAP as ACL for Servers?

To: openbsd.shen@gmail.com
Subject: Re: Howto setup OpenLDAP as ACL for Servers?
From: Olivier Nicole <on@cs.ait.ac.th>
Date: Tue, 23 Jun 2009 10:28:31 +0700 (ICT)
Cc: openldap-technical@openldap.org
In-reply-to: <6ff3e7140906222016p6388f36cs79d0c5dbea62db07@mail.gmail.com> (message from openbsd shen on Tue, 23 Jun 2009 11:16:33 +0800)
References: <6ff3e7140906222016p6388f36cs79d0c5dbea62db07@mail.gmail.com>

> I have many Windows 2003/Linux Server, and a OpenLDAP server as auth
> server, I want setup ACL in OpenLDAP server, maybe user A allowed to
> login in windows-1 server and Linux-1 server, and user B allowed to
> login in windows-2 server and Linux-2 server.
> How to setup it in OpenLDAP server?

The question is not how to set-up LDAP, but how to setup your Windows
and Linux servers.

For example I use in nss_ldap.conf (Unix)

nss_base_passwd ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th?one?csimAccountPermission=samba

And in smb.conf (samba)

[ well I can't find it right now ]

So basically I am using one LDAP attribute that I created
"csimAccountPermission" that lists the various machines/applications
that one user can access.

But that is really depending on what you want to authenticate, not all
applications supports to add an LDAP filter.

Olivier

Follow-Ups:
- Re: Howto setup OpenLDAP as ACL for Servers?
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

References:
- Howto setup OpenLDAP as ACL for Servers?
  - From: openbsd shen <openbsd.shen@gmail.com>

Prev by Date: Howto setup OpenLDAP as ACL for Servers?
Next by Date: Re: Database error 22
Index(es):
- Chronological
- Thread