I completely forget where I originally got this. I'm pretty sure it was after some annoying late-night Googling. This is supposedly referenced in one of the pam_ldap mailing list archive posts... somewhere, in some galaxy, at some time. :)
(random FYI, objectClass hostObject, below, is if you were using host-based checking in pam_ldap. Don't ask me where the host attribute is, though... I think cosine)

[EMAIL PROTECTED] /usr/local/etc/openldap/schema] > more ldapns.schema
# $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $

# LDAP Name Service Additional Schema

# http://www.iana.org/assignments/gssapi-service-names

attributetype ( 1.3.6.1.4.1.5322.17.2.1
        NAME 'authorizedService'
        DESC 'IANA GSS-API authorized service name'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

objectclass ( 1.3.6.1.4.1.5322.17.1.1
        NAME 'authorizedServiceObject'
        DESC 'Auxiliary object class for adding authorizedService attribute'
        SUP top
        AUXILIARY
        MAY authorizedService )

objectclass ( 1.3.6.1.4.1.5322.17.1.2
        NAME 'hostObject'
        DESC 'Auxiliary object class for adding host attribute'
        SUP top
        AUXILIARY
        MAY host )

> Scott,
>
> I was just browsing my LDAP schema. Where should I find
> authorizedService?
>
> --Ez
>
> On Mon, 2005-04-04 at 09:33, Scott Balmos wrote:
>> Use pam_ldap in conjunction with the pam_check_service_attr option in
>> its config file. Then add authorizedService attributes for every PAM
>> service you want. Cyrus can get especially fine-grained, because it has
>> four separate PAM services (one each for POP3, IMAP, NNTP, and Sieve).
>> See below for a section of my account LDIF. Note that SASL does not
>> append "d" to its service entries, like you think it would. That screwed
>> me over the first time I tried to get this setup going.
>>
>> authorizedService: sshd
>> authorizedService: ftpd
>> authorizedService: imap
>> authorizedService: pop
>> authorizedService: nntp
>> authorizedService: smtp
>> authorizedService: sieve
>>
>> --Scott
>> <snip>

--
Scott Balmos
President - SimuNex, Ltd.
[EMAIL PROTECTED]
http://www.simunex.com

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
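
An added example, not part of the original message or of pam_ldap: a small pre-load audit of account LDIF for the two mistakes this thread touches on, an entry carrying authorizedService without the authorizedServiceObject auxiliary class, and a service value such as "imapd" that does not match the PAM service name. The sample LDIF, the function names, and the case-insensitive exact match (taken from the schema's caseIgnoreMatch rule) are assumptions.

```python
# Added example: audit account LDIF before relying on pam_check_service_attr.
# Assumption: a PAM service is allowed when it equals an authorizedService
# value, compared case-insensitively (the schema's caseIgnoreMatch rule).

# PAM service names from the message above (the SASL ones carry no "d").
EXPECTED = {"sshd", "ftpd", "imap", "pop", "nntp", "smtp", "sieve"}

# Constructed sample LDIF (not from the original post).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: account
objectClass: authorizedServiceObject
authorizedService: sshd
authorizedService: imap

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: account
authorizedService: imapd
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into a list of dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def is_authorized(entry, service):
    """True if the entry lists this PAM service name."""
    values = (v.lower() for v in entry.get("authorizedservice", []))
    return service.lower() in values

def audit(entries, expected=EXPECTED):
    """Return (dn, problem) pairs for entries that will not behave as intended."""
    findings = []
    for e in entries:
        dn, services = e["dn"][0], e.get("authorizedservice", [])
        classes = {c.lower() for c in e.get("objectclass", [])}
        if services and "authorizedserviceobject" not in classes:
            findings.append((dn, "missing objectClass authorizedServiceObject"))
        for s in services:
            if s.lower() not in expected:
                findings.append((dn, f"unexpected service name: {s}"))
    return findings

if __name__ == "__main__":
    for dn, problem in audit(parse_ldif(SAMPLE_LDIF)):
        print(f"{dn}: {problem}")
```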