include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
You will probably want unix user account entries to look something like this:
dn: cn=Bruce Carleton, ou=people, dc=rbcarleton, dc=com
uid: rbc
objectClass: account
objectClass: posixAccount
userPassword: {SSHA}somehash
loginShell: /bin/csh
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/rbc
gecos: Bruce Carleton
Unix groups look something like this:
dn: cn=rbc, ou=group, dc=rbcarleton, dc=com
objectClass: posixGroup
cn: rbc
gidNumber: 1001
I put together some presentations and support files for a class I taught a while back. You can find them at:
I hope that helps.
Best regards,
--Bruce
On Apr 23, 2009, at 7:07 AM, Santosh Balan wrote:
Hi,
My Server is a RHEL 5.0 i386 Architecture and the Clients are RHEL5.0 WS or RHEL4 WS or Thin Client which has minimal installation of Linux. I need information how those schemas will look and what data will it have.
Thanks and Regards
Santosh Balan
+91-9819419509
----- Original Message -----
From: "Andrew Findlay"
To: "Santosh Balan"
Cc: openldap-technical@openldap.org
Subject: Re: Setting up LDAP server
Date: Thu, 23 Apr 2009 11:15:04 +0100
On Thu, Apr 23, 2009 at 02:41:58AM -0500, Santosh Balan wrote:
> I am on the look out for free support and advise. I have implemented a
> basic LDAP server such that it authenticates for my mail server. However
> this time I have been given a project wherein my LDAP works as an
> authentication server for user login as well as mails. Also it should
> have policies while authentication viz. it should disable USB ports for
> the user, it should set a background wallpaper and screensaver which
> should start within 20 secs. of the PC's idle time. It should also if
> possible mount automatically a partition which will be user dependent
> rather that PC dependent.
You do not say what operating system you are using.
I think you need to start by looking at the mechanisms available on the
target OS to implement these policies. This is much more of an OS issue
than an LDAP one. For example, with most Linux distros you can use PAM
and NSS modules to link authentication and authorisation to LDAP.
Solaris has similar mechanisms, and the *BSD systems too (but they are
not identical). I suspect that you will do better to ask about this
in OS-specific groups or mailing lists.
Controlling the wallpaper and screensaver will require configuration of
the window system: Gnome, KDE and MSWindows all have ways to do this
but they are different. It may be possible to link them to LDAP-hosted
policies, but again you need to look at the mechanisms first. You cannot
just setup some data in an LDAP server and expect it to magically control
user desktops.
Once you have identified some control mechanisms you will be able to
look at the way they interact with LDAP. This may require new schema,
which this group certainly is qualified to discuss.
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------
-- It's News. It's Reviews. It's Interviews. It's Free. What Are You Waiting For?
www.movieline.com!