ok, thanks
other question:
i'm working on a lan with students, teachers, some guests and a pair of administrators. i need that everyone can authenticate himself on the lan. there are some computers in a room and i want they will be powered on will appear a display to log in. the same thing for every computer that will be connect to our local network. every user will have his permissions to visit different sites, to see server resources, etc. i don't know how prepare this but for the moment am preparing the server populating it with every user. Now i need to know one thing. with the my configuration idea, is it enough to have the Simple Binding inserting only the userPassword of Person objectClass? do i need also account and simpleSecurityObject classes?
On 02/28/2012 10:11 AM, Turbo Fredriksson wrote:
On Tue, 28 Feb 2012 08:02:42 +0100, stefano wrote:
I am preparing an ldap server to allow every user to access the LAN only with his username and password. the root of the directorytree can be invented? i invented a domain amahoro.bi, can be correct?
Sure. As long as you don't plan on publish it in any way and ONLY use it internally, that would work.
Your base DN would then be: 'dc=amahora,dc=bi'.
It's not the best of ideas (best is to register a domain name and use that), but functionally perfectly fine. -- ... but you know as soon as Oracle starts waving its wallet at a Company it's time to run - fast. /illumos mailing list
On Tue, 28 Feb 2012 11:02:43 +0100, stefano wrote:
i need that everyone can authenticate himself on the lan.
So you'll be needing LibNSS/LDAP and LibPAM/LDAP most likley.
every user will have his permissions to visit different sites, to see server resources, etc.
Sorry, that I did not understand.
with the my configuration idea, is it enough to have the Simple Binding inserting only the userPassword of Person objectClass? do i need also account and simpleSecurityObject classes?
Person allows password, so does simpleSecurityObject, so you don't need both.
But for a user to be able to login, they will need all the UN*X attributes as well. Such as uidNumber, gidNumber, homeDirectory etc, etc. So instead, use 'posixAccount'.
But this is beyound the scope of this list. Please see howtos etc on the 'Net to have UN*X users authenticate againt LDAP. -- ... but you know as soon as Oracle starts waving its wallet at a Company it's time to run - fast. /illumos mailing list
i'm working on a lan with students, teachers, some guests and a pair of administrators. i need that everyone can authenticate himself on the lan. there are some computers in a room and i want they will be powered on will appear a display to log in. the same thing for every computer that will be connect to our local network. every user will have his permissions to visit different sites, to see server resources, etc. i don't know how prepare this but for the moment am preparing the server populating it with every user.
Take a look at SSSD, https://fedorahosted.org/sssd/ . It will allow you to setup much more robust environment.
i have debian squeeze!
On 02/28/2012 02:52 PM, Jan Včelák wrote:
i'm working on a lan with students, teachers, some guests and a pair of administrators. i need that everyone can authenticate himself on the lan. there are some computers in a room and i want they will be powered on will appear a display to log in. the same thing for every computer that will be connect to our local network. every user will have his permissions to visit different sites, to see server resources, etc. i don't know how prepare this but for the moment am preparing the server populating it with every user.
Take a look at SSSD, https://fedorahosted.org/sssd/ . It will allow you to setup much more robust environment.
stefano wrote:
i have debian squeeze!
Look into nssov then. Or nss-pam-ldapd.
On 02/28/2012 02:52 PM, Jan Včelák wrote:
i'm working on a lan with students, teachers, some guests and a pair of administrators. i need that everyone can authenticate himself on the lan. there are some computers in a room and i want they will be powered on will appear a display to log in. the same thing for every computer that will be connect to our local network. every user will have his permissions to visit different sites, to see server resources, etc. i don't know how prepare this but for the moment am preparing the server populating it with every user.
openldap-technical@openldap.org