Hi Shamika,
There are some examples in the faq-o-meter of how to use dynlists. Take a look
here: <http://www.openldap.org/faq/data/cache/1209.html>
Here is an example of my config to do this:
cat /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb/olcOverlay\=\{0\}dynlist.ldif
dn: olcOverlay={0}dynlist
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
objectClass: olcDynamicList
olcOverlay: {0}dynlist
olcDlAttrSet: {0}posixGroup labeledURI memberUid:uid

dn: cn=users,ou=People,ou=Groups,dc=example,dc=com
structuralObjectClass: posixGroup
objectClass: posixGroup
objectClass: labeledURIObject
objectClass: top
memberUid: username1
memberUid: username2
memberUid: username3
memberUid: username4
memberUid: username5
cn: users
gidNumber: 1100
labeledURI: ldap:///ou=Users,dc=example,dc=com?uid?sub?(objectClass=posixAccount)
if you have username1 to 5 in ou=Users,dc=example,dc=com with uids like
this and the objectClass posixAccount.
Maybe you can modify that to your needs.
Bye,
On Thu, Apr 1, 2010 at 15:19, Shamika Joshi <[email protected]> wrote:
> Hi
> The desired implementation is to control user logins on different lab
> machines based on the project groups.
> Scenario: Bob is part of project group 'mars' & John is part of 'venus'
> then I have added lab machines x1-x3 to group 'mars' & y1-y3 to group venus.
> Now I want John to only access machines allocated for project 'mars' i.e x1
> to x3 & John to access machines allocated for 'venus' i.e y1 to y3
>
> I went through this
> link <http://www.hurricanelabs.com/september2009_login_security_using_openldap_and_pam> and learned
> that it can be achieved using "overlay dynlist". Please correct me
> if I've got it wrong.
> However my lab server is Ubuntu 9.10 (karmic koala) and it is using slapd.d
> (not slapd.conf)
> So now if I want to attempt to use "overlay dynlist" how should I go about
> it? Has anyone done this before? Any help will be appreciated.
>
> Thanks
> Shamika
>
--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is
to do -- Sartre | Do be do be do -- Sinatra
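
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of how the labeledURI search and the memberUid:uid mapping in the configuration above decide who ends up in the group. The sample directory, the function names and the reduced filter support are assumptions for illustration; it shows that with scope sub every posixAccount anywhere below the base becomes a member, which matters when the group gates logins.

```python
import re
from urllib.parse import unquote

# Constructed sample directory (DN -> attributes); not data from the original post.
DIRECTORY = {
    "uid=username1,ou=Users,dc=example,dc=com":
        {"objectClass": ["posixAccount"], "uid": ["username1"]},
    "uid=username2,ou=Staff,ou=Users,dc=example,dc=com":
        {"objectClass": ["posixAccount"], "uid": ["username2"]},
    "uid=svc,ou=Users,dc=example,dc=com":
        {"objectClass": ["account"], "uid": ["svc"]},
    "uid=outsider,ou=Other,dc=example,dc=com":
        {"objectClass": ["posixAccount"], "uid": ["outsider"]},
}

def parse_ldap_url(url):
    """Split ldap:///base?attrs?scope?filter (RFC 4516 layout) into its parts."""
    if not url.startswith("ldap:///"):
        raise ValueError("only host-less ldap:/// URLs are modelled")
    parts = (url[len("ldap:///"):].split("?") + [""] * 4)[:4]
    base, attrs, scope, flt = (unquote(p) for p in parts)
    return {"base": base, "attrs": attrs.split(",") if attrs else [],
            "scope": scope or "base", "filter": flt or "(objectClass=*)"}

def in_scope(dn, base, scope):
    """Naive DN containment check (does not handle escaped commas)."""
    dn, base = dn.lower(), base.lower()
    if dn == base:
        return scope in ("base", "sub")
    if not dn.endswith("," + base):
        return False
    relative = dn[: -len(base) - 1]
    return scope == "sub" or (scope == "one" and "," not in relative)

def matches(entry, flt):
    """Evaluate a single (attr=value) equality filter, case-insensitively."""
    if flt == "(objectClass=*)":
        return True
    m = re.fullmatch(r"\(([A-Za-z0-9;-]+)=([^()*\\]+)\)", flt)
    if not m:
        raise ValueError("only simple equality filters are modelled")
    attr, value = m.group(1).lower(), m.group(2).lower()
    return any(v.lower() == value
               for k, vals in entry.items() if k.lower() == attr for v in vals)

def expand_members(url, source_attr="uid"):
    """Values of source_attr that the mapping memberUid:uid would surface."""
    u = parse_ldap_url(url)
    return sorted({v for dn, e in DIRECTORY.items()
                   if in_scope(dn, u["base"], u["scope"]) and matches(e, u["filter"])
                   for v in e.get(source_attr, [])})
```

Calling expand_members() with the labeledURI value from the group entry lists the uids that would appear as memberUid; changing sub to one in the URL limits the result to direct children of ou=Users.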