Hello,
I apologize if this is an incorrect list to send this to.
I am looking at implementing wallet to streamline the distribution of our
host keytabs, which I am fairly comfortable with how to set up in the
environment here. We would like to use the ldap-attr to manage the ACLs,
but our LDAP structure is incompatible with the existing ldap-attr code.
Instead of looking up the principal and checking an attribute, we would
like to look up a key and check if an attribute contains the principal to
grant access. E.g., our LDAP is structured like below:
ou=,dn=,cn=,cn=my-wallet-group:
member: uid=rjsm
member: uid=foo
member: uid=bar
I'd like to be able to define an ACL on my-wallet-group and check if the
principal matches one of the uids.
What is the best course of implementing something like this? I was
planning to use the existing ldap-attr code as a starting point and
implement this there. Is there another option that I should also consider?
Thanks,
Ross Smith <[email protected]>
College of Engineering - CAEN - Unix and Linux Support