Re: schema for NSS LDAP with not all accounts active

2001-04-04 Thread Russell Coker
On Sunday 01 April 2001 07:06, Sami Haahtinen wrote: > i don't know about standard but there is a schema for one. (i don't > remember if it supported services directly but it could be implemented) > > the schema comes with directory manager (i can't remember the URL for it > now check d-d archives)

Re: schema for NSS LDAP with not all accounts active

2001-04-04 Thread Russell Coker
On Sunday 01 April 2001 07:06, Sami Haahtinen wrote: > i don't know about standard but there is a schema for one. (i don't > remember if it supported services directly but it could be implemented) > > the schema comes with directory manager (i can't remember the URL for it > now check d-d archives

Re: schema for NSS LDAP with not all accounts active

2001-03-31 Thread Sami Haahtinen
On Sat, Mar 31, 2001 at 10:53:17PM +0200, Piotr Roszatycki wrote: > > > Nice, but AFAIR the `service' attribute isn't standard. Did you use a > > > special objectClass? > > > > the filter is self defined, and the service filter was just an example, you > > are allowed to filter it with anything yo

Re: schema for NSS LDAP with not all accounts active

2001-03-31 Thread Piotr Roszatycki
On Sat, 31 Mar 2001, (Sami Haahtinen) wrote: > > Nice, but AFAIR the `service' attribute isn't standard. Did you use a > > special > > objectClass? > > the filter is self defined, and the service filter was just an example, you > are > allowed to filter it with anything you like. There are any

Re: schema for NSS LDAP with not all accounts active

2001-03-31 Thread Sami Haahtinen
On Sat, Mar 31, 2001 at 10:24:17PM +0200, Piotr Roszatycki wrote: > > i'm currently implementing filter attribute for pam_ldap, which would allow > > you to add a custom filter for your pam module (filter=(service=telnet) > > would be quite effective.. > > Nice, but AFAIR the `service' attribute i

Re: schema for NSS LDAP with not all accounts active

2001-03-31 Thread Piotr Roszatycki
On Fri, 30 Mar 2001, (Sami Haahtinen) wrote: > > > Anyway, thanks for this solution, I will incorporate this in my existing > > > configuration as well > > i'm currently implementing filter attribute for pam_ldap, which would allow > you > to add a custom filter for your pam module (filter=(servi

Re: schema for NSS LDAP with not all accounts active

2001-03-31 Thread Sami Haahtinen
On Sat, Mar 31, 2001 at 10:53:17PM +0200, Piotr Roszatycki wrote: > > > Nice, but AFAIR the `service' attribute isn't standard. Did you use a > > > special objectClass? > > > > the filter is self defined, and the service filter was just an example, you > > are allowed to filter it with anything y

Re: schema for NSS LDAP with not all accounts active

2001-03-31 Thread Piotr Roszatycki
On Sat, 31 Mar 2001, (Sami Haahtinen) wrote: > > Nice, but AFAIR the `service' attribute isn't standard. Did you use a special > > objectClass? > > the filter is self defined, and the service filter was just an example, you are > allowed to filter it with anything you like. There are any standa

Re: schema for NSS LDAP with not all accounts active

2001-03-31 Thread Sami Haahtinen
On Sat, Mar 31, 2001 at 10:24:17PM +0200, Piotr Roszatycki wrote: > > i'm currently implementing filter attribute for pam_ldap, which would allow > > you to add a custom filter for your pam module (filter=(service=telnet) > > would be quite effective.. > > Nice, but AFAIR the `service' attribute

Re: schema for NSS LDAP with not all accounts active

2001-03-31 Thread Piotr Roszatycki
On Fri, 30 Mar 2001, (Sami Haahtinen) wrote: > > > Anyway, thanks for this solution, I will incorporate this in my existing > > > configuration as well > > i'm currently implementing filter attribute for pam_ldap, which would allow you > to add a custom filter for your pam module (filter=(service

Re: schema for NSS LDAP with not all accounts active

2001-03-31 Thread Sami Haahtinen
On Fri, Mar 30, 2001 at 08:20:23PM -0500, Richard A Nelson wrote: > > > i'm currently implementing filter attribute for pam_ldap, which would > > > allow you to add a custom filter for your pam module > > > (filter=(service=telnet) would be quite effective.. > > > > Nice. > > Indeed even though i

Re: schema for NSS LDAP with not all accounts active

2001-03-31 Thread Sami Haahtinen
On Fri, Mar 30, 2001 at 08:20:23PM -0500, Richard A Nelson wrote: > > > i'm currently implementing filter attribute for pam_ldap, which would > > > allow you to add a custom filter for your pam module > > > (filter=(service=telnet) would be quite effective.. > > > > Nice. > > Indeed even though

Re: schema for NSS LDAP with not all accounts active

2001-03-30 Thread Jeremy Lunn
On Fri, Mar 30, 2001 at 11:54:37PM +0300, Sami Haahtinen wrote: > i'm currently implementing filter attribute for pam_ldap, which would allow > you > to add a custom filter for your pam module (filter=(service=telnet) would be > quite effective.. Nice. I was going to implement LDAP for someone b

Re: schema for NSS LDAP with not all accounts active

2001-03-30 Thread Jeremy Lunn
On Fri, Mar 30, 2001 at 11:54:37PM +0300, Sami Haahtinen wrote: > i'm currently implementing filter attribute for pam_ldap, which would allow you > to add a custom filter for your pam module (filter=(service=telnet) would be > quite effective.. Nice. I was going to implement LDAP for someone but

Re: schema for NSS LDAP with not all accounts active

2001-03-30 Thread Sami Haahtinen
On Fri, Mar 30, 2001 at 08:47:18PM +0200, Piotr Roszatycki wrote: > > Well, at least that's a solution. However I don't like it too much, to > > have a whole bunch of config files lying around. If I find the time > > (imagine the if written in real big letters), I will try to implement this > > in

Re: schema for NSS LDAP with not all accounts active

2001-03-30 Thread Piotr Roszatycki
On Fri, 30 Mar 2001, Alexander Reelsen wrote: > Well, at least that's a solution. However I don't like it too much, to > have a whole bunch of config files lying around. If I find the time > (imagine the if written in real big letters), I will try to implement this > in pam_ldap, where it belongs

Re: schema for NSS LDAP with not all accounts active

2001-03-30 Thread Sami Haahtinen
On Fri, Mar 30, 2001 at 08:47:18PM +0200, Piotr Roszatycki wrote: > > Well, at least that's a solution. However I don't like it too much, to > > have a whole bunch of config files lying around. If I find the time > > (imagine the if written in real big letters), I will try to implement this > > i

Re: schema for NSS LDAP with not all accounts active

2001-03-30 Thread Piotr Roszatycki
On Fri, 30 Mar 2001, Alexander Reelsen wrote: > Well, at least that's a solution. However I don't like it too much, to > have a whole bunch of config files lying around. If I find the time > (imagine the if written in real big letters), I will try to implement this > in pam_ldap, where it belongs

Re: schema for NSS LDAP with not all accounts active

2001-03-30 Thread Alexander Reelsen
Hi On Fri, Mar 30, 2001 at 10:15:24AM +1000, Russell Coker wrote: > On Friday 30 March 2001 08:55, Russell Coker wrote: > > Good point. The problem is that the NSS interface doesn't allow for such > > things so you would have to use pam_ldap for all authentication (no big > > deal just a minor PI

Re: schema for NSS LDAP with not all accounts active

2001-03-30 Thread Alexander Reelsen
Hi On Fri, Mar 30, 2001 at 10:15:24AM +1000, Russell Coker wrote: > On Friday 30 March 2001 08:55, Russell Coker wrote: > > Good point. The problem is that the NSS interface doesn't allow for such > > things so you would have to use pam_ldap for all authentication (no big > > deal just a minor P

Re: schema for NSS LDAP with not all accounts active

2001-03-29 Thread Russell Coker
On Friday 30 March 2001 08:55, Russell Coker wrote: > > That's not clean. And what you do with FTP and IMAP/POP? You don't need > > to have a shell for both, but you want to allow only one of those. Of > > course, yeah, I could have access lists for each of that service not > > stored in the LDAP t

Re: schema for NSS LDAP with not all accounts active

2001-03-29 Thread Russell Coker
On Thursday 29 March 2001 22:33, Alexander Reelsen wrote: > > > > Another question is, does anyone have any other suggestions for doing > > > > such things? > > > > > > I would like to do this as well. If you authenticate using PAM and want > > > to exclude users from using ftpd and ssh, but still

Re: schema for NSS LDAP with not all accounts active

2001-03-29 Thread Russell Coker
On Friday 30 March 2001 08:55, Russell Coker wrote: > > That's not clean. And what you do with FTP and IMAP/POP? You don't need > > to have a shell for both, but you want to allow only one of those. Of > > course, yeah, I could have access lists for each of that service not > > stored in the LDAP

Re: schema for NSS LDAP with not all accounts active

2001-03-29 Thread Russell Coker
On Thursday 29 March 2001 22:33, Alexander Reelsen wrote: > > > > Another question is, does anyone have any other suggestions for doing > > > > such things? > > > > > > I would like to do this as well. If you authenticate using PAM and want > > > to exclude users from using ftpd and ssh, but still

Re: schema for NSS LDAP with not all accounts active

2001-03-29 Thread Alexander Reelsen
Hi On Thu, Mar 29, 2001 at 10:19:44PM +1000, Russell Coker wrote: > On Thursday 29 March 2001 18:08, Alexander Reelsen wrote: > > On Thu, Mar 29, 2001 at 10:03:39AM +1000, Russell Coker wrote: > > > So the question is, what attribute should I use? > > This is the minor question IMHO. > Not so mino

Re: schema for NSS LDAP with not all accounts active

2001-03-29 Thread Russell Coker
On Thursday 29 March 2001 18:08, Alexander Reelsen wrote: > On Thu, Mar 29, 2001 at 10:03:39AM +1000, Russell Coker wrote: > > So the question is, what attribute should I use? > > This is the minor question IMHO. Not so minor if you want to avoid having your schema break other software you may wa

Re: schema for NSS LDAP with not all accounts active

2001-03-29 Thread Alexander Reelsen
Hi On Thu, Mar 29, 2001 at 10:19:44PM +1000, Russell Coker wrote: > On Thursday 29 March 2001 18:08, Alexander Reelsen wrote: > > On Thu, Mar 29, 2001 at 10:03:39AM +1000, Russell Coker wrote: > > > So the question is, what attribute should I use? > > This is the minor question IMHO. > Not so min

Re: schema for NSS LDAP with not all accounts active

2001-03-29 Thread Russell Coker
On Thursday 29 March 2001 18:08, Alexander Reelsen wrote: > On Thu, Mar 29, 2001 at 10:03:39AM +1000, Russell Coker wrote: > > So the question is, what attribute should I use? > > This is the minor question IMHO. Not so minor if you want to avoid having your schema break other software you may w

schema for NSS LDAP with not all accounts active

2001-03-28 Thread Russell Coker
I have an LDAP directory that contains the accounts for several machines. Most accounts will be active on all machines, but some accounts will only be active on a sub-set of the machines, I would like to implement this with a filter something like the following: (|(attr=all)(attr=machine-name)

schema for NSS LDAP with not all accounts active

2001-03-28 Thread Russell Coker
I have an LDAP directory that contains the accounts for several machines. Most accounts will be active on all machines, but some accounts will only be active on a sub-set of the machines, I would like to implement this with a filter something like the following: (|(attr=all)(attr=machine-name