5:34 a.m.
Hi list,
I would like to know whether anybody has succeeded in using the memberof
overlay for others attributes.
I would like a user entry (specifically the host attribute) to be
populated when a user is added to a posixGroup. Let's say this
posixGroup contains a "hostOfGroup" attribute.
Is it feasible? Or do I need to code my own overlay for that purpose?
If writing an overlay is not needed, is there an esaier way to do that?
Thanks.
Regards,
Vince
12:04 a.m.
Vince Rafale wrote:
Hi list,
I would like to know whether anybody has succeeded in using the memberof
overlay for others attributes.
I would like a user entry (specifically the host attribute) to be
populated when a user is added to a posixGroup. Let's say this
posixGroup contains a "hostOfGroup" attribute.
Is it feasible? Or do I need to code my own overlay for that purpose?
If writing an overlay is not needed, is there an esaier way to do that?
slapo-memberof, as far as I remember, can only work with DN-valued
attrs. Using it for generic attrs would definitely require some work,
and may be problematic.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando(a)sys-net.it
-----------------------------------
4:34 a.m.
On Sunday 26 April 2009 14:34:00 Vince Rafale wrote:
Hi list,
I would like to know whether anybody has succeeded in using the memberof
overlay for others attributes.
I would like a user entry (specifically the host attribute) to be
populated when a user is added to a posixGroup. Let's say this
posixGroup contains a "hostOfGroup" attribute.
Is it feasible? Or do I need to code my own overlay for that purpose?
If writing an overlay is not needed, is there an esaier way to do that?
Sounds like there may be other solutions to your real problem ... e.g.
pam_listfile with item=group sense=allow
Regards,
Buchan
8:48 a.m.
Buchan Milne wrote:
On Sunday 26 April 2009 14:34:00 Vince Rafale wrote:
> Hi list,
>
> I would like to know whether anybody has succeeded in using the memberof
> overlay for others attributes.
> I would like a user entry (specifically the host attribute) to be
> populated when a user is added to a posixGroup. Let's say this
> posixGroup contains a "hostOfGroup" attribute.
>
> Is it feasible? Or do I need to code my own overlay for that purpose?
> If writing an overlay is not needed, is there an esaier way to do that?
Sounds like there may be other solutions to your real problem ... e.g.
pam_listfile with item=group sense=allow
Or use the PAM support in the nssov overlay. Setting a user's host attribute
to control logins is ridiculous...
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
11:50 a.m.
Howard Chu wrote :
Buchan Milne wrote:
> On Sunday 26 April 2009 14:34:00 Vince Rafale wrote:
>> Hi list,
>>
>> I would like to know whether anybody has succeeded in using the
>> memberof
>> overlay for others attributes.
>> I would like a user entry (specifically the host attribute) to be
>> populated when a user is added to a posixGroup. Let's say this
>> posixGroup contains a "hostOfGroup" attribute.
>>
>> Is it feasible? Or do I need to code my own overlay for that purpose?
>> If writing an overlay is not needed, is there an esaier way to do that?
>
> Sounds like there may be other solutions to your real problem ... e.g.
> pam_listfile with item=group sense=allow
Or use the PAM support in the nssov overlay. Setting a user's host
attribute to control logins is ridiculous...
Ok for that overlay. Have you got any tutorial on the use of that overlay?
If not, could you please provide some more details on the configuration
for that overlay that could suit my need?
Thanks.
Regards,
Vince
6:04 p.m.
Vince Rafale wrote:
Howard Chu wrote :
> Buchan Milne wrote:
>> On Sunday 26 April 2009 14:34:00 Vince Rafale wrote:
>>> Hi list,
>>>
>>> I would like to know whether anybody has succeeded in using the
>>> memberof
>>> overlay for others attributes.
>>> I would like a user entry (specifically the host attribute) to be
>>> populated when a user is added to a posixGroup. Let's say this
>>> posixGroup contains a "hostOfGroup" attribute.
>>>
>>> Is it feasible? Or do I need to code my own overlay for that purpose?
>>> If writing an overlay is not needed, is there an esaier way to do that?
>>
>> Sounds like there may be other solutions to your real problem ... e.g.
>> pam_listfile with item=group sense=allow
>
> Or use the PAM support in the nssov overlay. Setting a user's host
> attribute to control logins is ridiculous...
>
Ok for that overlay. Have you got any tutorial on the use of that overlay?
If not, could you please provide some more details on the configuration
for that overlay that could suit my need?
http://www.openldap.org/devel/cvsweb.cgi/contrib/slapd-modules/nssov/slap...
The relevant point is to create ipHost entries for each host that you want to
control logins on, and set the authorizedService attribute to the set of PAM
services you want to allow (e.g., login, sshd, gdm, whatever). Then set ACLs
on the authorizedService attribute - this will then control what users the
nssov overlay allows to login to the given service on a given host. This gives
you the full power of the slapd ACL engine, instead of just the 2-3 limited
options that the old pam_ldap module provides.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
4596
days inactive
4599
days old
openldap-technical@openldap.org
5 comments
4 participants
participants (4)
-
Buchan Milne -
Howard Chu -
Pierangelo Masarati -
Vince Rafale