This is a discussion on OpenLDAP Schemas within the Linux Networking forums, part of the Linux Forums category.

I'm looking into adding support for LDAP in our embedded product. I'm not sure where to add special attributes? Does our company need to register for a schema number like we did for snmp?

I have special acls that look like the following:

Power Control = true/false
Admin Privs = true/false
Access Port 1 = true/false
Access Port 7 = true/false

As you can see those do not fit in /etc/passwd and would not fit for a regular UNIX system. They are special to our product.

Thanks,
Chris

You could use PAM to authenticate users for power control by adding them to a special group using pam_wheel and define another gid than 0. Something like

    poweroff authenticate sufficient /lib/security/pam_wheel.so use_uid group

Access to port 1 and 7 -> is this hardware? And accessible via /dev? Then changing ownership to a specialised group can help? Make a group accessToPort1. Make accessToPort1 owner of /dev/port1 and add everyone who has access to this group. The same for Port 7...

For admin Privs? Depends on how the admin works...

Frank Wiegerinck

Chris Fowler wrote:
> I'm looking into adding support for LDAP in our embedded
> product. I'm not sure where to add special attributes? Does
> our company need to register for a schema number like we
> did for snmp?
>
> I have special acls that look like the following:
>
>
> Power Control = true/false
> Admin Privs = true/false
> Access Port 1 = true/false
> Access Port 7 = true/false
>
> As you can see those do not fit in /etc/passwd and would not
> fit for a regular UNIX system. They are special to our product.
>
> Thanks,
> Chris

Chris Fowler <cfowler@linuxiceberg.com> writes:

> I'm looking into adding support for LDAP in our embedded product. I'm
> not sure where to add special attributes? Does our company need to
> register for a schema number like we did for snmp?

If your company already has an OID number for SNMP, add another branch under that OID for ldap schemas (and probably add three more branches for objectclasses, attributes and syntaxes). There's nothing special about OIDs that makes them SNMP-only; what you do with your OID branch is up to you.

> I have special acls that look like the following:
>
> Power Control = true/false
> Admin Privs = true/false
> Access Port 1 = true/false
> Access Port 7 = true/false
>
> As you can see those do not fit in /etc/passwd and would not
> fit for a regular UNIX system. They are special to our product.

Create a new objectclass that inherits from posixaccount; define the attributes and add them to this objectclass.

--
Dave Carrigan
Seattle, WA, USA
dave@rudedog.org | http://www.rudedog.org/ | ICQ:161669680
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-C++-DNS-PalmOS-PostgreSQL-MySQL
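
The layout suggested in the last reply, written out as an OpenLDAP schema file plus a matching access rule; this is an added example and not part of the original thread. The `ex` names, the `1.1` root arc, the branch numbers and the group DN are all placeholders chosen for illustration.

```conf
# exampledev.schema (constructed example; all names and OIDs are placeholders).
# 1.1 is the arc the OpenLDAP Admin Guide suggests for private experiments;
# replace exRoot with your own enterprise OID, the one already used for SNMP.
objectIdentifier exRoot   1.1
# A new branch for LDAP schema, with one sub-branch per kind of element.
objectIdentifier exLDAP   exRoot:2
objectIdentifier exAttr   exLDAP:1
objectIdentifier exOC     exLDAP:2
objectIdentifier exSyntax exLDAP:3

# Boolean syntax is 1.3.6.1.4.1.1466.115.121.1.7; values are TRUE or FALSE.
attributetype ( exAttr:1 NAME 'exPowerControl'
    DESC 'Account may use power control'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetype ( exAttr:2 NAME 'exAdminPrivs'
    DESC 'Account has admin privileges on the device'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetype ( exAttr:3 NAME 'exAccessPort1'
    DESC 'Account may access port 1'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetype ( exAttr:4 NAME 'exAccessPort7'
    DESC 'Account may access port 7'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )

# posixAccount (nis.schema) is AUXILIARY, so a class derived from it is too.
objectclass ( exOC:1 NAME 'exDeviceAccount'
    DESC 'posixAccount plus device privilege flags'
    SUP posixAccount AUXILIARY
    MAY ( exPowerControl $ exAdminPrivs $ exAccessPort1 $ exAccessPort7 ) )

# --- slapd.conf, database section, before any broader "access to *" rule ---
# Without this, a common "by self write" rule lets users set their own flags.
access to attrs=exPowerControl,exAdminPrivs,exAccessPort1,exAccessPort7
    by group.exact="cn=device-admins,dc=example,dc=com" write
    by self read
    by * none
```

Because the flags are optional (`MAY`), the product reading them should treat a missing attribute the same as `FALSE`.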