wallet ldap question
Ross Smith
rjsm at umich.edu
Tue Aug 28 15:47:39 EDT 2012
Hello,

I apologize if this is an incorrect list to send this to.

I am looking at implementing wallet to streamline the distribution of our
host keytabs, which I am fairly comfortable with how to set up in the
environment here. We would like to use the ldap-attr to manage the acls,
but our ldap structure is incompatible with the existing ldap-attr code.

Instead of looking up the principal and checking an attribute, we would
like to look up a key and check if an attribute contains the principal to
grant access. e.g. our ldap is structured like below

    ou=,dn=,cn=,cn=my-wallet-group:
    member: uid=rjsm
    member: uid=foo
    member: uid=bar

I'd like to be able to define an acl on my-wallet-group and check if the
principal matches one of the uids.

What is the best course of implementing something like this? I was
planning to use the existing ldap-attr code as a starting point and
implement this there? Is there another option that I should also consider?

Thanks,
Ross Smith <rjsm at umich.edu>
College of Engineering - CAEN - Unix and Linux Support
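
The group-membership check described in the message above, sketched as an added example (not part of the original post, and not wallet code). The realm `EXAMPLE.EDU`, the function names and the in-memory group entry are assumptions constructed for illustration; the point is that the match has to be exact on the uid and has to reject instances and foreign realms.

```python
# Constructed sample: member values of the group entry shown in the message.
# A real verifier would fetch these from LDAP instead of a dict.
GROUP_MEMBERS = {
    "my-wallet-group": ["uid=rjsm", "uid=foo", "uid=bar"],
}

ALLOWED_REALM = "EXAMPLE.EDU"  # assumption: placeholder realm


def principal_to_uid(principal, realm=ALLOWED_REALM):
    """Map a Kerberos principal to a uid, or None if it must not be mapped."""
    name, sep, prealm = principal.rpartition("@")
    if not sep or prealm != realm:
        return None  # no realm, or a realm we do not trust for uid mapping
    if not name or "/" in name:
        return None  # rjsm/admin or host/foo is not the user "rjsm"
    return name


def member_uid(member):
    """Return the uid from 'uid=rjsm' or 'uid=rjsm,ou=...', else None."""
    # Simple split on the first comma; escaped commas in DNs are not handled.
    first_rdn = member.split(",", 1)[0].strip()
    attr, sep, value = first_rdn.partition("=")
    if not sep or attr.strip().lower() != "uid":
        return None
    return value.strip()


def check(principal, group, directory=GROUP_MEMBERS):
    """True only if the principal maps to a uid listed in the group."""
    uid = principal_to_uid(principal)
    if uid is None:
        return False
    members = directory.get(group)
    if members is None:
        return False  # unknown group: deny rather than error open
    # Exact, case-sensitive comparison (assumption): never a substring test.
    return any(member_uid(m) == uid for m in members)


if __name__ == "__main__":
    for p in ("rjsm@EXAMPLE.EDU", "rjsm/admin@EXAMPLE.EDU", "rjs@EXAMPLE.EDU"):
        print(p, check(p, "my-wallet-group"))
```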