On Sun, 2005-10-30 at 23:12 -0800, Rik Herrin wrote:
> Hi,
> I was wondering if the following is doable using
> OpenLDAP. Is it possible for the server to obtain
> information and store it in an entry when the user
> authenticates against it? For example, when a user
> logs in, would it be possible to configure the
> OpenLDAP server to obtain things such as the IP and
> store them in one of the user's attributes? I wanted
> to do this so that I can integrate OpenLDAP with
> iptables or any other service (perhaps a proxy
> service). Thanks for your time.

Not with stock OpenLDAP, of course. What you are asking seems to be rather application-specific. You could write an overlay that handles the response after a (successful) bind in order to store in the directory the information you need, provided it is available. Typically, the IP is available from the connection structure, but I don't much see the need of storing it into the directory, since the connection-related info will remain the same throughout the life of the connection, unless you need that info to be persistent.

Note that in case you need that info outside slapd, you can query the monitor backend (provided you can somehow identify the connection in order to look it up). For example (OL 2.3):

$ ldapsearch -x -H ldap://:9011 -b cn=connections,cn=monitor @extensibleobject
<... snip>
# Connection 0, Connections, Monitor
dn: cn=Connection 0,cn=Connections,cn=Monitor
objectClass: monitorConnection
structuralObjectClass: monitorConnection
cn: Connection 0
monitorConnectionNumber: 0
monitorConnectionProtocol: 3
monitorConnectionOpsReceived: 1
monitorConnectionOpsExecuting: 0
monitorConnectionOpsPending: 0
monitorConnectionOpsCompleted: 1
monitorConnectionGet: 1
monitorConnectionRead: 1
monitorConnectionWrite: 0
monitorConnectionMask: r
monitorConnectionAuthzDN: cn=Manager,dc=example,dc=com
monitorConnectionListener: ldap://:9011
monitorConnectionPeerDomain: unknown
monitorConnectionLocalAddress: IP=127.0.0.1:32822
monitorConnectionPeerAddress: IP=0.0.0.0:9011
monitorConnectionStartTime: 20051031101050Z
monitorConnectionActivityTime: 20051031101050Z
creatorsName:
modifiersName:
createTimestamp: 20051031101050Z
modifyTimestamp: 20051031101050Z
entryDN: cn=Connection 0,cn=Connections,cn=Monitor
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
<... snip>

p.

SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
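
The monitor lookup suggested in the reply above, taken one step further as an added example (not part of the original message and not OpenLDAP code): it parses LDIF from a search under cn=Connections,cn=Monitor and returns which bound DN is connected from which address, the mapping a firewall or proxy integration would consume. The sample LDIF values, the function names and the addr_attr parameter are assumptions made for the illustration.

```python
import base64

# Constructed sample (invented values); attribute names are those in the output above.
SAMPLE_LDIF = """\
# Connection 0, Connections, Monitor
dn: cn=Connection 0,cn=Connections,cn=Monitor
monitorConnectionAuthzDN: cn=Manager,dc=example,dc=com
monitorConnectionPeerAddress: IP=198.51.100.7:40112

dn: cn=Connection 1,cn=Connections,cn=Monitor
monitorConnectionAuthzDN:: dWlkPWFsaWNlLG91PXBlb3BsZSxkYz1leGFtcGxlLGRjPWNvbQ==
monitorConnectionPeerAddress: IP=198.51.100.23:
 51544

dn: cn=Connection 2,cn=Connections,cn=Monitor
monitorConnectionAuthzDN:
monitorConnectionPeerAddress: IP=203.0.113.5:39001
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:       # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:                   # trailing "" flushes the last entry
        if not line.strip():                    # blank line ends an entry
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):          # skip comment lines
            attr, _, value = line.partition(":")
            if value.startswith(":"):           # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def bound_clients(ldif_text, addr_attr="monitorConnectionPeerAddress"):
    """Return sorted (authzDN, host) pairs, skipping anonymous and non-IP connections."""
    pairs = set()
    for entry in parse_ldif(ldif_text):
        dn = entry.get("monitorconnectionauthzdn", [""])[0]
        addr = entry.get(addr_attr.lower(), [""])[0]
        if dn and addr.startswith("IP="):
            # Drop the port; strip brackets in case an IPv6 literal is bracketed.
            pairs.add((dn, addr[3:].rsplit(":", 1)[0].strip("[]")))
    return sorted(pairs)
```

Which of the two address attributes carries the client side should be checked against your own server's output before relying on the default.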
