OpenLDAP Schemas

 
 
Chris Fowler
      09-10-2003, 01:47 PM
I'm looking into adding support for LDAP in our embedded
product. I'm not sure where to add special attributes? Does
our company need to register for a schema number like we
did for snmp?

I have special acls that look like the following:


Power Control = true/false
Admin Privs = true/false
Access Port 1 = true/false
Access Port 7 = true/false

As you can see those do not fit in /etc/passwd and would not
fit for a regular UNIX system. They are special to our product.

Thanks,
Chris
 
F.Wiegerinck
      09-10-2003, 03:52 PM
You could use PAM to authenticate users for power control by adding
them to a special group using pam_wheel and define another gid than
0.

something like
poweroff auth sufficient /lib/security/pam_wheel.so use_uid group

Access to port 1 and 7 -> is this hardware? and accessible via
/dev? Then changing ownership to a specialised group can help?
make a group accessToPort1. Make accessToPort1 owner of /dev/port1
and add everyone who has access to this group.
The same for Port 7...

For admin Privs? Depends on how the admin works...



Frank Wiegerinck

Chris Fowler wrote:
> I'm looking into adding support for LDAP in our embedded
> product. I'm not sure where to add special attributes? Does
> our company need to register for a schema number like we
> did for snmp?
>
> I have special acls that look like the following:
>
>
> Power Control = true/false
> Admin Privs = true/false
> Access Port 1 = true/false
> Access Port 7 = true/false
>
> As you can see those do not fit in /etc/passwd and would not
> fit for a regular UNIX system. They are special to our product.
>
> Thanks,
> Chris


Dave Carrigan
      09-10-2003, 05:12 PM
Chris Fowler <(E-Mail Removed)> writes:

> I'm looking into adding support for LDAP in our embedded product. I'm
> not sure where to add special attributes? Does our company need to
> register for a schema number like we did for snmp?


If your company already has an OID number for SNMP, add another branch
under that OID for LDAP schemas (and probably add three more branches
for objectclasses, attributes and syntaxes). There's nothing special
about OIDs that makes them SNMP-only; what you do with your OID
branch is up to you.

> I have special acls that look like the following:
>
> Power Control = true/false
> Admin Privs = true/false
> Access Port 1 = true/false
> Access Port 7 = true/false
>
> As you can see those do not fit in /etc/passwd and would not
> fit for a regular UNIX system. They are special to our product.


Create a new objectclass that inherits from posixaccount; define the
attributes and add them to this objectclass.

--
Dave Carrigan
Seattle, WA, USA
(E-Mail Removed) | http://www.rudedog.org/ | ICQ:161669680
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-C++-DNS-PalmOS-PostgreSQL-MySQL
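
Added example, not part of the original thread: an OpenLDAP schema file sketching the layout described in the last reply, with an LDAP branch under the company's enterprise OID, sub-branches for attributes and objectclasses, and an auxiliary objectclass derived from posixAccount. All `ex*` names are hypothetical, the OID arc uses the enterprise number reserved for documentation (RFC 5612), and modelling port access as one multi-valued integer instead of one boolean per port is an assumption made here.

```conf
# example-device.schema (constructed example; every ex* name is hypothetical).
# Load after core.schema, cosine.schema and nis.schema, since the
# objectclass below derives from posixAccount (defined in nis.schema).

# 1.3.6.1.4.1.32473 is the enterprise number reserved for documentation
# (RFC 5612). Replace it with the arc your company already holds for SNMP.
objectidentifier exRoot   1.3.6.1.4.1.32473
objectidentifier exLDAP   exRoot:2      # new branch for LDAP schema (branch number assumed)
objectidentifier exAttr   exLDAP:1      # attribute types
objectidentifier exClass  exLDAP:2      # objectclasses

# Boolean syntax: values are the literal strings TRUE or FALSE.
attributetype ( exAttr:1 NAME 'exPowerControl'
    DESC 'TRUE if the user may switch outlet power'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )

attributetype ( exAttr:2 NAME 'exAdminPrivs'
    DESC 'TRUE if the user has administrative privileges on the device'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )

# Multi-valued integer: one value per port the user may access.
# A port that is not listed is not accessible (deny by default).
attributetype ( exAttr:3 NAME 'exAccessPort'
    DESC 'Port number the user may access'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# posixAccount is AUXILIARY, so a class derived from it must be too.
# All new attributes are optional (MAY); the device should treat a
# missing attribute as FALSE or as no access.
objectclass ( exClass:1 NAME 'exDeviceAccount'
    DESC 'posixAccount extended with device access rights'
    SUP posixAccount AUXILIARY
    MAY ( exPowerControl $ exAdminPrivs $ exAccessPort ) )

# Constructed entry fragment using the class:
#   objectClass: exDeviceAccount
#   exPowerControl: TRUE
#   exAdminPrivs: FALSE
#   exAccessPort: 1
#   exAccessPort: 7
```

Because these attributes grant privileges, directory ACLs should prevent users from writing them on their own entries.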