LDAP for privilege control?

Posted by neoice on Server Fault See other posts from Server Fault or by neoice
Published on 2009-11-14T12:37:58Z Indexed on 2010/03/17 15:31 UTC
Read the original article Hit count: 304

Filed under:

ldap

|

user-management

|

security

I've been wondering for a while if LDAP can be used to control user privileges. For example, if I have UNIX and web logins, is there an easy way to grant a user access to just or just UNIX (or even both?)

My current attempt at solving this very problem was to create 'login' and 'nologin' groups, but this doesn't seem fine-grained enough to meet the ideas I have in my head. I'm also still in the situation where all UNIX users are web users, which isn't a problem so much as an indicator of the limitations.

Does anyone have any input on this? Has this problem already been solved?

© Server Fault or respective owner

Related posts about ldap

NetApp FAS 2040 LDAP Win2k8R2

as seen on Server Fault - Search for 'Server Fault'
I am trying to get my FAS2040 to action user lookups using LDAP, below is the filer configuration options: filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base… >>> More
Ubuntu 12.04 Preseed LDAP Config

as seen on Server Fault - Search for 'Server Fault'
I'm trying to deploy Ubuntu 12.04 via xCAT, everything works except the automatic configuration of LDAP, the preseed file is read but the file /etc/nsswitch is not written properly. My Preseed File: [...] ### LDAP Setup nslcd nslcd/ldap-bindpw password ldap-auth-config ldap-auth-config/bindpw password ldap-auth-config… >>> More
NetApp FAS 2040 LDAP Win2k8R2

as seen on Server Fault - Search for 'Server Fault'
I am trying to get my FAS2040 to action user lookups using LDAP, below is the filer configuration options: filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base… >>> More
Apache+LDAP auth on Ubuntu says "Can't contact LDAP server" while ldapsearch is perfect

as seen on Server Fault - Search for 'Server Fault'
Hi Gurus, I'm migrating from an existing apache+LDAP+mysql+php server to a new hardware platform. Old server is running Debian Lenny, which I have no config documentation available (was done by previous sysadmin); New server is running Ubuntu 10.04.2 LTS 32bit. After installing Apache and configured… >>> More
Spring security ldap: no declaration can be found for element 'ldap-authentication-provider'

as seen on Stack Overflow - Search for 'Stack Overflow'
Following the spring-security documentation: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ldap.html I am trying to set up ldap authentication (very simple - just need to know if a user is authenticated or not, no authorities mapping needed) and have put this in my applicationContext-security… >>> More

Related posts about user-management

User management API

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am developing an application suite where users will need to connect to a server and depending on their account type they will be given some services. The server will run Linux. Can you please suggest me some user management API which I can use to develop the server program? By user management… >>> More
User management for google apps

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi guys, I'm modifying our collaboration system so it can be listed on google applications. A small issue I'm facing is the registering of user details. By default whenever someone logs into their google Apps account they pretty much are logged into the application. For every action taken by a registered… >>> More
User management for custom application built on google apps

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi guys, I'm modifying our collaboration system so it can be listed on google applications. A small issue I'm facing is the registering of user details. By default whenever someone logs into their google Apps account they pretty much are logged into the application. For every action taken by a registered… >>> More
Which is a good opensource user management system?

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm new to php/mySQL and am trying to create a website which will allow users to register. In future, there will be a paid content area where content will be shown based on the payment status. Is there a good opensource lightweight framework which takes care of the user management part? (Register… >>> More
SugarCRM - how to customize user management tools?

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm new to using SugarCRM. I want to have a users page that does the following: 1) allow a user to create sub-users, and each sub-user can then create additional sub users 2) display users in an expandable and collapse-able hierarchical tree structure. 3) add more attributes to each user Does… >>> More