Rik Herrin wrote:
> Hi, I was wondering if the following is doable using OpenLDAP. Is it possible for the server to obtain information and store it in an entry when the user authenticates against it?
Your question is poorly specified, which indicates that your objective is poorly conceived and you really have no idea what you're asking for. Using my psychic abilities I'm going to do your thinking for you and take a stab at answering anyway.
> For example, when a user logs in, would it be possible to configure the OpenLDAP server to obtain things such as the IP and store them in one of the user's attributes? I wanted to do this so that I can integrate OpenLDAP with iptables or any other service (perhaps a proxy service). Thanks for your time.
Since you are talking about iptables it appears you're interested in what happens after a user logs into a Linux system. The fact that LDAP is used to verify the user's authentication to Linux is incidental. In this scenario, what you're looking for is purely an application-level concern. I.e., the module that performs the Linux authentication using LDAP should be responsible for squirreling away whatever other information you're interested in maintaining.

Note that in this scenario it is impossible for the LDAP server to *gather* any useful information about the *user's* IP address; the only thing the LDAP server sees is the IP address of the Linux machine requesting the authentication. Only the Linux machine knows the actual IP address of the user.

Also, even if the LDAP server could somehow divine the necessary information about the user, the information is of no value to the LDAP server itself. It is up to your application-side code to query the attributes anyway. So all of the development required to implement this feature you desire rests on the application side.
When you take the time to think through the actual flow of information and steps needed to process it, it's all pretty obvious. No need to wonder.
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
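One way to do the application-side recording the reply describes, as an added example that is not part of the original message or of OpenLDAP: a hook for pam_exec(8), which exports PAM_USER, PAM_RHOST and PAM_TYPE to the script on the Linux machine that actually sees the user's address. The DN layout, the attribute name `lastLoginHost`, the bind DN and the password file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumed values are marked.
BASE_DN="ou=People,dc=example,dc=com"   # assumed directory layout
ATTR="lastLoginHost"                    # hypothetical attribute; needs a schema extension

# Accept only conservative login names, so the value cannot alter the DN
# (',' '=' '+') or start a new LDIF line.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Character filter for IPv4/IPv6 literals (not a full address parser).
# Empty PAM_RHOST (local login) is skipped. A leading ':' would have to be
# base64-encoded in LDIF (RFC 2849), so such values are skipped as well.
valid_ip() {
    case "$1" in
        ''|:*|*[!0-9A-Fa-f.:]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the LDIF change record; fail with no output on rejected input.
build_ldif() {
    valid_user "$1" && valid_ip "$2" || return 1
    printf 'dn: uid=%s,%s\nchangetype: modify\nreplace: %s\n%s: %s\n' \
        "$1" "$BASE_DN" "$ATTR" "$ATTR" "$2"
}

# Act only when PAM calls the hook at session open; a failed directory
# update is logged and never blocks the login.
if [ "${PAM_TYPE:-}" = "open_session" ]; then
    if ldif=$(build_ldif "${PAM_USER:-}" "${PAM_RHOST:-}"); then
        printf '%s\n' "$ldif" | ldapmodify -x -ZZ \
            -D "cn=loginrecorder,dc=example,dc=com" \
            -y /etc/ldap/loginrecorder.pw >/dev/null 2>&1 \
            || logger -t login-ip "LDAP update failed for ${PAM_USER:-}"
    fi
    exit 0
fi
```

The bind identity used by the hook should be limited by ACL to writing this one attribute, since every login host holds its credential.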