Hi all,

Sorry if the question is not FDS-specific. I'm a university student and trying to learn how LDAP is used in managing access control. I can set up FDS, create a basic schema (mostly user information), set up postfix to use FDS as authentication server, set up PAM on Linux to use FDS as authentication server, etc. But that's only limited to user authentication.

Everyone is talking about how LDAP can be used to manage access; in fact, it is on every vendor's features list. But I've never seen a real example of how it is used. Maybe I'm dumb, but I just couldn't imagine how it is set up and used.

Let's take the following scenario. I have a network of servers, running different services and applications. Let's say I called my machines M1, M2, M3, and called the services S1, S2, S3. All machines run all 3 services. I have 3 groups of users, G1, G2, G3.

Now, the question is, how can I use LDAP to manage access control of my users? Let's say I want to let users in G1 access S1 and S2 on M1 only. And here are the requirements:

G1 -> M1(S1, S2)
G2 -> M1(S3), M2(S1, S2, S3)
G3 -> M3(S1, S2, S3)

Maybe I'm not understanding the meaning of "access control" correctly. But I just could not figure out how to set things up to achieve this goal.

What I want to know is, besides the standard schema for storing user information, how do I:

- define the schema for storing access control information?
- tell the servers and services which access permissions a specific user has?
- define an extensible schema, so that if I add more servers and applications to my network, I can add new access control information without having to re-design the schema?

If I have to use any features that are specific to FDS (i.e. non-standard), so be it.

Gurus on this list, mind giving any hint on that? Or if anyone could give a real-life example, that would be great.

Thanks in advance

sz