On Tue, Jul 1, 2008 at 12:17 AM, Joy Khoriaty <elventails@elventails.com> wrote:
> Hi!
> I'd like my LDAP users to have different shells on 2 different client machines. Is that possible? How can I set it up?
> e.g., on host1, user1 has for shell /bin/bash, on host2, user1 has for shell /bin/rsh
> Someone suggested having the defined shell for the user in their LDAP entry be called e.g. /bin/ldap_shell, and symbolic linking accordingly on each machine, but it doesn't give me the granularity I want on a per-user basis.
Interesting problem; and the suggested solution sounds fairly clean to me -- however, since we're taking ideas:
Write a small wrapper which does an LDAP lookup on a given attribute and parses the return to select the shell. For example, you retrieve from the attribute userLoginShells the values:
hosta:/bin/bash hostb:/bin/rsh
Based on the lookup and the hostname, you get the appropriate shell. You can choose to deny login or give a restricted shell if a match can't be found.
Barring the overhead of actually writing the wrapper, the only advantage (I see) here is management via LDAP of user shells (instead of hitting the console to create symlinks).
-mustafa.
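
The selection step of the wrapper described in the reply above, as an added example that is not part of the original thread. It assumes the userLoginShells values have already been fetched from the user's entry; select_shell, read_allowed_shells and the /sbin/nologin fallback are hypothetical names and choices, and the local /etc/shells allowlist is an added safeguard.

```python
#!/usr/bin/env python3
"""Per-host login shell selection from 'host:/path' directory values."""
import os
import socket
import sys

FALLBACK = "/sbin/nologin"  # assumption: deny login when no usable match exists


def read_allowed_shells(path="/etc/shells"):
    """Return the shells this host permits, skipping comments and blank lines."""
    shells = set()
    try:
        with open(path) as fh:
            for line in fh:
                line = line.strip()
                if line and not line.startswith("#"):
                    shells.add(line)
    except OSError:
        pass  # no allowlist available: every lookup falls back to FALLBACK
    return shells


def select_shell(values, hostname, allowed, fallback=FALLBACK):
    """Pick the shell for `hostname`; directory data is treated as untrusted."""
    full = hostname.lower()
    short = full.split(".", 1)[0]  # assumption: values may use the short name
    matches = set()
    for value in values:
        host, sep, shell = value.strip().partition(":")
        if sep and host.lower() in (full, short):
            matches.add(shell)
    if len(matches) != 1:
        return fallback  # no entry for this host, or conflicting entries
    shell = matches.pop()
    # Only an absolute, already-normalised path that this host lists locally
    # is accepted, so a directory edit cannot point the login at any binary.
    if not os.path.isabs(shell) or os.path.normpath(shell) != shell:
        return fallback
    return shell if shell in allowed else fallback


if __name__ == "__main__":
    # Constructed usage: attribute values are passed as arguments here; a real
    # wrapper would first look them up in the user's LDAP entry.
    chosen = select_shell(sys.argv[1:], socket.gethostname(), read_allowed_shells())
    # Leading dash in argv[0] is the convention that marks a login shell.
    os.execv(chosen, ["-" + os.path.basename(chosen)])
```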