I wanted to restrict users to logging onto specific hosts, i.e. to keep developers away from Production hosts etc. I managed to do this on thread http://www.linuxquestions.org/questi...-users-789466/ using Sun's SDSCC.

We're now migrating to OpenLDAP and I need the same functionality. I found the 'ismemberof' attribute does not appear to be part of the default schemas that come with Redhat 5.3 RPMs; OpenLDAP is V 2.3.43. I found an interesting article at http://forums.devshed.com/ldap-progr...te-191444.html on how to create your own schemas. So I created a file called /etc/openldap/schema/memberof.schema and put in the following text:
# The isMemberOf attribute associated with an entity is a
# collection of values each of which identifies a group to
# which that entity belongs.
attributetype ( 1.3.6.1.4.1.5923.1.5.1.1
    NAME 'isMemberOf'
    DESC 'identifiers for groups to which containing entity belongs'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
    )
Then I added this schema to the slapd.conf and restarted ldap.

In the client, I've used the same 'ismemberof' line from my previous thread, so it says:

nss_base_passwd ou=people,dc=ldn,dc=sw,dc=com?sub?isMemberOf=cn=access,ou=auth,dc=ldn,dc=sw,dc=com
Having tried MANY combinations of ?, ( and ) it won't work.

So, can anyone comment on my schema, is it right? Is it complete sh!te? Does the nss_base_passwd line need changing now I've moved to OpenLDAP?

Comments on a postcard please.

BTW - I've been looking at LDAP books to cure my insomnia, and found http://www.amazon.co.uk/LDAP-Directo...2282151&sr=1-1. The books.google.com site had some useful pages from this book but the review on amazon is not great.

TIA
Stuart.
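As an added example (not the poster's code, and not part of OpenLDAP), a small checker for a slapd.conf-style attributetype definition: it tokenises the definition above and flags the things that would silently break a client-side filter such as isMemberOf=cn=access,... (no NAME, no SYNTAX, no EQUALITY rule, and the quoted SYNTAX OID that RFC 4512 writes bare). The schema text is a constructed copy of the one in the post.

```python
import re

# Constructed copy of the attributetype definition from the post, for checking offline.
MEMBEROF_SCHEMA = """\
# The isMemberOf attribute associated with an entity is a ... (comment, ignored)
attributetype ( 1.3.6.1.4.1.5923.1.5.1.1
    NAME 'isMemberOf'
    DESC 'identifiers for groups to which containing entity belongs'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
    )
"""

VALUE_KEYWORDS = {"NAME", "DESC", "SUP", "EQUALITY", "ORDERING", "SUBSTR", "SYNTAX", "USAGE"}
FLAG_KEYWORDS = {"OBSOLETE", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION"}

def parse_attributetype(text):
    """Parse one slapd.conf-style attributetype definition into a dict keyed by keyword."""
    body = " ".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    # Tokens are quoted strings, parentheses, or bare words (OIDs, keywords, rule names).
    tokens = re.findall(r"'[^']*'|[()]|[^\s()']+", body)
    if tokens[:2] != ["attributetype", "("] or tokens[-1] != ")":
        raise ValueError("not a parenthesised attributetype definition")
    spec = {"OID": tokens[2]}
    i = 3
    while i < len(tokens) - 1:
        kw = tokens[i]
        if kw in FLAG_KEYWORDS:           # bare flags carry no value
            spec[kw] = True
            i += 1
        elif kw in VALUE_KEYWORDS:        # keyword followed by exactly one value
            spec[kw], i = tokens[i + 1], i + 2
        else:
            raise ValueError("unexpected token %r" % kw)
    return spec

def check_attributetype(spec):
    """Return problems that would stop an isMemberOf=... equality filter from working."""
    problems = []
    if "NAME" not in spec:
        problems.append("missing NAME: the attribute cannot be referenced by name in a filter")
    if "SYNTAX" not in spec and "SUP" not in spec:
        problems.append("missing SYNTAX (or SUP): slapd cannot store values")
    if "EQUALITY" not in spec and "SUP" not in spec:
        problems.append("missing EQUALITY: an equality filter on this attribute is Undefined")
    if spec.get("SYNTAX", "").startswith("'"):
        problems.append("SYNTAX OID is quoted; RFC 4512 writes it bare (slapd tolerates the quotes)")
    return problems
```

Running check_attributetype(parse_attributetype(MEMBEROF_SCHEMA)) reports only the quoted SYNTAX OID, so the definition itself is usable; whether the isMemberOf values are actually populated on user entries is a separate question the schema cannot answer.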