On Mon, May 31, 2004 at 04:42:04PM -0400, matt f wrote:
> Hello,
>
> My question is as follows: How can I orchestrate my ldap database to
> give users access to a limited domain of services? If I want someone to
> be able to use NFS and ProFTP, but not let them log in, samba-in, or
> email, is there anything I can do within the LDAP framework to make this
> possible?

Do it with ldap filters.

Use different objectclasses (ftpuser, sambasamaccount) or use a multi-valued attribute (allowedservices) and put in some magick words like (ftp, samba, mail, ...).

Then in each app, customize the ldap filter to match this attribute or the corresponding OC, depending on your schema (&(.....)(allowedservices=ftp)).

That's the way I did it for some ldap architectures. But... it was without SSO like Kerberos, only ldap auth.

-- 
Emmanuel Lacour
------------------------------------
Easter-eggs
44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaîté
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED] - http://www.easter-eggs.com
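
Added example, not part of the original message: a Python sketch of the per-service filter approach described in the reply above, with the login escaped per RFC 4515 so it cannot alter the filter. Only the attribute name allowedservices comes from the reply; the uid attribute, the sample entries and the helper names are constructed for illustration, and the small matcher stands in for a directory server so the filters can be checked offline.

```python
import re

# Constructed sample entries; only "allowedservices" comes from the reply.
ENTRIES = [
    {"uid": ["alice"], "allowedservices": ["ftp", "nfs"]},
    {"uid": ["bob"], "allowedservices": ["ftp", "samba", "mail"]},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def service_filter(login, service):
    """Filter one application would use: this login AND this service word."""
    return "(&(uid=%s)(allowedservices=%s))" % (
        escape_filter_value(login), escape_filter_value(service))

# Stand-in for the directory server: flat (&(attr=value)...) equality only.
_TERM = re.compile(r"\((\w+)=((?:[^()*\\]|\\[0-9a-fA-F]{2})*)\)")

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, flt):
    """True if every equality term of the filter matches the entry."""
    if not (flt.startswith("(&") and flt.endswith(")")):
        raise ValueError("unsupported filter: " + flt)
    body = flt[2:-1]
    terms = _TERM.findall(body)
    if not terms or "".join("(%s=%s)" % t for t in terms) != body:
        raise ValueError("unsupported filter: " + flt)
    return all(
        _unescape(value).lower() in (v.lower() for v in entry.get(attr, []))
        for attr, value in terms)

def may_use(login, service, entries=ENTRIES):
    """Would a search with this service's filter return an entry for login?"""
    flt = service_filter(login, service)
    return any(matches(e, flt) for e in entries)

if __name__ == "__main__":
    for login, service in [("alice", "ftp"), ("alice", "samba"), ("*", "ftp")]:
        print(service_filter(login, service), "->", may_use(login, service))
```

Each application is configured with its own service word, so the same entry authenticates for FTP and NFS while a search from the Samba or mail side returns nothing for it.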

