LDAP Devel...
Todd Piket
tcpiket at mtu.edu
Mon Nov 1 17:36:47 GMT 1999
Guys,
Hey everybody. Well, I'm new to the Samba source code, but I have a
need that I'm not sure if anyone else is fulfilling. So, could you let
me know if what I am going to do is already under development?
Okay...here's the deal:
I work at Michigan Technological University and we are trying to
leverage Kerberos V and an LDAP Directory Server. What I would like to
do is provide authorization to Samba shares via the Directory Server and
possibly authentication as well (which is already done). I was
wondering if anyone was already implementing the authorization portion
and if not, here's my idea that I would love some (constructive)
criticism on:
In the Directory there will be groups pertaining to shares (i.e.,
cn=Restricted,ou=Samba,ou=Groups,o=mtu.edu). Everyone who has access to
the Restricted share will be a uniquemember of the group. So, it should
be as simple as doing an ldapsearch for the authenticated userid and
determing if he/she is a uniquemember of the share he/she attempted to
gain access to.
Basically, the flow is:
1.) authenticate somewhere
2.) lookup shares in config file and LDAP
3.) verify authorization
4.) force user and group stuff if necessary
5.) share it.
Sorry so long. Any help/suggestions/whatever would be greatly
appreciated.
--
Regards,
Todd Piket
Email: tcpiket at mtu.edu
Phone: (906) 487-1720
More information about the samba-technical
mailing list