OpenLDAP Schemas

Discussion in 'Linux Networking' started by Chris Fowler, Sep 10, 2003.

  1. Chris Fowler

    Chris Fowler Guest

    I'm looking into adding support for LDAP in our embedded
    product. I'm not sure where to add special attributes? Does
    our company need to register for a schema number like we
    did for SNMP?

    I have special ACLs that look like the following:


    Power Control = true/false
    Admin Privs = true/false
    Access Port 1 = true/false
    Access Port 7 = true/false

    As you can see those do not fit in /etc/passwd and would not
    fit for a regular UNIX system. They are special to our product.

    Thanks,
    Chris
     
    Chris Fowler, Sep 10, 2003
    #1

  2. Chris Fowler

    F.Wiegerinck Guest

    You could use PAM to authenticate users for power control by adding
    them to a special group using pam_wheel and define another gid than
    0.

    Something like:
    poweroff auth sufficient /lib/security/pam_wheel.so use_uid group

    Access to port 1 and 7 -> is this hardware, and accessible via
    /dev? Then changing ownership to a specialised group can help?
    Make a group accessToPort1. Make accessToPort1 owner of /dev/port1
    and add everyone who has access to this group.
    The same for Port 7...

    For admin Privs? Depends on how the admin works...



    Frank Wiegerinck
     
    F.Wiegerinck, Sep 10, 2003
    #2

  3. If your company already has an OID number for SNMP, add another branch
    under that OID for ldap schemas (and probably add three more branches
    for objectclasses, attributes and syntaxes). There's nothing special
    about OIDs that makes them SNMP-only; what you do with your OID
    branch is up to you.
    Create a new objectclass that inherits from posixaccount; define the
    attributes and add them to this objectclass.
     
    Dave Carrigan, Sep 10, 2003
    #3
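
The schema approach from reply #3, written out as an added example (not part of the thread and not any poster's own configuration): an OpenLDAP `slapd.conf` fragment that defines the product-specific attributes and an objectclass layered on posixAccount, followed by an ACL so users cannot edit their own entitlements. The `acme*` names, the `1.1` OID arc, the branch numbers, the admin DN and the choice of one multi-valued port attribute instead of a boolean per port are all assumptions; it also assumes the device binds as the user to read that user's entry.

```conf
# Added example for slapd.conf (or a .schema file pulled in with "include").
# All "acme*" names and the 1.1 arc are placeholders: substitute the
# company's existing enterprise OID, the one already used for SNMP.
objectIdentifier acmeRoot 1.1
# A new branch for LDAP under the company arc (branch numbers are assumed).
objectIdentifier acmeLDAP acmeRoot:2
objectIdentifier acmeAttr acmeLDAP:1
objectIdentifier acmeClass acmeLDAP:2

# Boolean attributes take the literal values TRUE or FALSE.
attributetype ( acmeAttr:1 NAME 'acmePowerControl'
    DESC 'TRUE if the user may use power control'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )

attributetype ( acmeAttr:2 NAME 'acmeAdminPrivs'
    DESC 'TRUE if the user has admin privileges on the device'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )

# Multi-valued integer: one value per port the user may access (e.g. 1 and 7).
attributetype ( acmeAttr:3 NAME 'acmeAccessPort'
    DESC 'Number of a port the user may access'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# posixAccount (nis.schema) is AUXILIARY, so a class derived from it must be
# AUXILIARY as well. MAY keeps the new attributes optional on existing entries.
objectclass ( acmeClass:1 NAME 'acmeAccount'
    DESC 'posixAccount plus device entitlements'
    SUP posixAccount AUXILIARY
    MAY ( acmePowerControl $ acmeAdminPrivs $ acmeAccessPort ) )

# These attributes are authorization data. A broad "by self write" rule would
# let users grant themselves access, so this rule must come before any such
# rule. OpenLDAP 2.1 and earlier spell the selector "attr=" rather than "attrs=".
access to attrs=acmePowerControl,acmeAdminPrivs,acmeAccessPort
    by dn.exact="cn=admin,dc=example,dc=com" write
    by self read
    by * none
```

An entry then carries `objectClass: acmeAccount` alongside its structural class, with values such as `acmeAdminPrivs: FALSE` and `acmeAccessPort: 7`.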