Santosh,

These are the schemas that I use in my slapd.conf:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

You will probably want unix user account entries to look something like this:

dn: cn=Bruce Carleton, ou=people, dc=rbcarleton, dc=com
cn: Bruce Carleton
uid: rbc
objectClass: account
objectClass: posixAccount
userPassword: {SSHA}somehash
loginShell: /bin/csh
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/rbc
gecos: Bruce Carleton

Unix groups look something like this:

dn: cn=rbc, ou=group, dc=rbcarleton, dc=com
objectClass: posixGroup
cn: rbc
gidNumber: 1001

I put together some presentations and support files for a class I taught a while back.  You can find them at:

http://home.rbcarleton.com/rbc/ldap_class/

I hope that helps.

Best regards,

--Bruce


On Apr 23, 2009, at 7:07 AM, Santosh Balan wrote:


Hi,

My server is RHEL 5.0 (i386 architecture) and the clients are RHEL 5.0 WS, RHEL 4 WS, or thin clients which have a minimal installation of Linux. I need information on how those schemas will look and what data they will have.

Thanks and Regards
Santosh Balan
+91-9819419509
----- Original Message -----
From: "Andrew Findlay"
To: "Santosh Balan"
Cc: openldap-technical@openldap.org
Subject: Re: Setting up LDAP server
Date: Thu, 23 Apr 2009 11:15:04 +0100


On Thu, Apr 23, 2009 at 02:41:58AM -0500, Santosh Balan wrote:

> I am on the lookout for free support and advice. I have implemented a
> basic LDAP server such that it authenticates for my mail server. However
> this time I have been given a project wherein my LDAP works as an
> authentication server for user login as well as mails. Also it should
> have policies while authentication viz. it should disable USB ports for
> the user, it should set a background wallpaper and screensaver which
> should start within 20 secs. of the PC's idle time. It should also if
> possible mount automatically a partition which will be user dependent
> rather than PC dependent.

You do not say what operating system you are using.

I think you need to start by looking at the mechanisms available on the
target OS to implement these policies. This is much more of an OS issue
than an LDAP one. For example, with most Linux distros you can use PAM
and NSS modules to link authentication and authorisation to LDAP.
Solaris has similar mechanisms, and the *BSD systems too (but they are
not identical). I suspect that you will do better to ask about this
in OS-specific groups or mailing lists.

Controlling the wallpaper and screensaver will require configuration of
the window system: Gnome, KDE and MSWindows all have ways to do this
but they are different. It may be possible to link them to LDAP-hosted
policies, but again you need to look at the mechanisms first. You cannot
just set up some data in an LDAP server and expect it to magically control
user desktops.

Once you have identified some control mechanisms you will be able to
look at the way they interact with LDAP. This may require new schema,
which this group certainly is qualified to discuss.

Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------
