LDAP Devel...

Todd Piket tcpiket at mtu.edu
Mon Nov 1 17:36:47 GMT 1999


	Hey everybody.  Well, I'm new to the Samba source code, but I have a
need that I'm not sure if anyone else is fulfilling.  So, could you let
me know if what I am going to do is already under development? 
Okay...here's the deal:

	I work at Michigan Technological University and we are trying to
leverage Kerberos V and an LDAP Directory Server.  What I would like to
do is provide authorization to Samba shares via the Directory Server and
possibly authentication as well (which is already done).  I was
wondering if anyone was already implementing the authorization portion
and if not, here's my idea that I would love some (constructive)
criticism on:

	In the Directory there will be groups pertaining to shares (i.e.,
cn=Restricted,ou=Samba,ou=Groups,o=mtu.edu).  Everyone who has access to
the Restricted share will be a uniquemember of the group.  So, it should
be as simple as doing an ldapsearch for the authenticated userid and
determining if he/she is a uniquemember of the share he/she attempted to
gain access to.

	Basically, the flow is:

1.)	authenticate somewhere
2.)	lookup shares in config file and LDAP
3.)	verify authorization
4.)	force user and group stuff if necessary
5.)	share it.

	Sorry so long.  Any help/suggestions/whatever would be greatly


Todd Piket
Email:  tcpiket at mtu.edu
Phone:  (906) 487-1720
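
The authorization step in the flow above (step 3), as an added example that is not part of the original message or of the Samba source. The user DN layout (`uid=<userid>,ou=People,o=mtu.edu`), the names `valid_name` and `is_authorized`, and the in-memory `DIRECTORY` standing in for the LDAP server are assumptions made for illustration; only the group base DN comes from the message.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define GROUP_BASE  "ou=Samba,ou=Groups,o=mtu.edu"  /* from the message */
#define USER_SUFFIX "ou=People,o=mtu.edu"           /* assumption */

struct group { const char *dn; const char *members[4]; };

/* Constructed sample directory, standing in for the LDAP server. */
static const struct group DIRECTORY[] = {
    { "cn=Restricted," GROUP_BASE, { "uid=tcpiket," USER_SUFFIX, NULL } },
    { "cn=Public," GROUP_BASE,
      { "uid=tcpiket," USER_SUFFIX, "uid=guest," USER_SUFFIX, NULL } },
};

/* Allow only characters with no special meaning in a DN or a search
 * filter, so '*', '(', ')', ',', '=' and '\\' never reach the query. */
static int valid_name(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 64) return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr("._-", *s)) return 0;
    return 1;
}

/* Returns 1 only when the share's group exists and lists the user.
 * Against a real server this is a base-scope search on group_dn with the
 * filter (uniquemember=<member_dn>); here the lookup is done in memory. */
static int is_authorized(const char *uid, const char *share)
{
    char group_dn[192], member_dn[192];
    size_t i, j;

    if (!valid_name(uid) || !valid_name(share)) return 0;  /* fail closed */
    snprintf(group_dn, sizeof group_dn, "cn=%s,%s", share, GROUP_BASE);
    snprintf(member_dn, sizeof member_dn, "uid=%s,%s", uid, USER_SUFFIX);

    for (i = 0; i < sizeof DIRECTORY / sizeof DIRECTORY[0]; i++) {
        if (strcasecmp(DIRECTORY[i].dn, group_dn) != 0) continue;
        for (j = 0; DIRECTORY[i].members[j]; j++)
            if (strcasecmp(DIRECTORY[i].members[j], member_dn) == 0) return 1;
    }
    return 0;  /* unknown share or non-member: deny */
}
```

The name check runs before any DN or filter is built, so an unexpected userid or share name results in a denial rather than a broader match.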
