[sabayon] RE: Deployment of user profiles



> However, this system is a bit simplistic. For networks where user
> information is stored in LDAP it would be much nicer if we could just
> read the profile information from LDAP. Furthermore, it would be nice to
> have things like profile groups or classes so you could just get a
> specific profile because you're part of a group/class. Also, it might be
> interesting to get a different profile depending on the IP of the
> machine you log in to.
>
> I don't know a lot of LDAP, so I need some help here. How would I store
> this sort of information in LDAP? Are there some already existing schemas
> that I could use? Also, how do I get to the LDAP server? Should I put
> that in the sabayon config file, or is there some standard way to get
> the LDAP server address?

You are almost certainly going to need to add a schema AUXILIARY object
class containing one or more new LDAP attributes. Think of this as adding a
new field to a structure in C or a new key in a table entry for the user
(probably added to uid=username,ou=People). You may also want to add a new
structural class to contain the global group/class profile info. The per
user profile attribute would then either point to a per user profile or via
indirection to the group/class profile. The group/class profiles would
probably be hung off of the cn=Sabayon,ou=Services node. Once again this
requires new schema. I would be more than happy to help you write the
schema; it would be pretty simple.

You may also want to look at the schema we did for Stateless Linux. This
seems like a very close cousin. I did the original schema but then David
Malcolm rewrote it as Stateless Linux evolved.

Typically the location of the LDAP server is set as part of an application
configuration. I'm not aware of a standard scheme for identification of LDAP
servers other than possibly via the SRV DNS record, but this requires the
DNS server to have been set up to provide this record, probably not
something you can count on but possibly a nice auto-configuration feature
should it be able to find one.

As a side note, shouldn't you also be discussing this on the sabayon list?
I've added that as a cc.

John

--
John Dennis <jdennis redhat com>
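
The per-user/group indirection described in the reply above, as an added example that is not part of the original message and not Sabayon or Stateless Linux code. The class and attribute names (sabayonUser, sabayonProfile, sabayonProfileRef, sabayonProfileGroup), the dc=example,dc=com suffix, the in-memory directory, and the rule that references must stay under cn=Sabayon,ou=Services are all assumptions made for illustration.

```python
# Added illustration: class and attribute names below are hypothetical,
# not a published Sabayon schema. All directory entries are constructed.
PROFILE_BASE = "cn=sabayon,ou=services,dc=example,dc=com"
PEOPLE = "ou=people,dc=example,dc=com"

def normalize_dn(dn):
    # Simplified: lowercases and trims RDNs; ignores escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

DIRECTORY = {
    # Direct per-user profile stored on the user's own entry.
    "uid=bob," + PEOPLE: {
        "objectClass": ["inetOrgPerson", "sabayonUser"],
        "sabayonProfile": ["bob-kiosk.zip"]},
    # Indirection: the user entry points at a shared group/class profile.
    "uid=alice," + PEOPLE: {
        "objectClass": ["inetOrgPerson", "sabayonUser"],
        "sabayonProfileRef": ["cn=Students, cn=Sabayon, ou=Services, dc=example, dc=com"]},
    # Reference that escapes the profile subtree (points at another user).
    "uid=carol," + PEOPLE: {
        "objectClass": ["inetOrgPerson", "sabayonUser"],
        "sabayonProfileRef": ["uid=bob," + PEOPLE]},
    # No auxiliary class at all: no profile is assigned.
    "uid=dave," + PEOPLE: {"objectClass": ["inetOrgPerson"]},
    "cn=students," + PROFILE_BASE: {
        "objectClass": ["sabayonProfileGroup"],
        "sabayonProfile": ["students.zip"]},
}

def resolve_profile(user_dn, directory=DIRECTORY):
    """Return the profile name for user_dn, or None if none is assigned."""
    entry = directory.get(normalize_dn(user_dn))
    if entry is None or "sabayonUser" not in entry["objectClass"]:
        return None
    if entry.get("sabayonProfile"):
        return entry["sabayonProfile"][0]
    refs = entry.get("sabayonProfileRef")
    if not refs:
        return None
    ref = normalize_dn(refs[0])
    # Only follow references into the profile subtree, so a writable user
    # entry cannot redirect the lookup to an arbitrary part of the tree.
    if not ref.endswith("," + PROFILE_BASE):
        raise ValueError("profile reference outside " + PROFILE_BASE)
    group = directory.get(ref)
    if group is None or "sabayonProfileGroup" not in group["objectClass"]:
        raise LookupError("dangling profile reference: " + ref)
    return group["sabayonProfile"][0]
```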



