> Well, my doubt is, how to make the proxy and email services (running
> on Machine 2) interact with my LDAP server, in such a way that the
> proxy only authenticate users belonging to the group Proxy and the
> email only authenticate users belonging to the group Email ?

Simple, configure the services appropriately. For squid this is very simple and they provide a module for it; for e-mail you configure your MTA and/or IMAP server. For e-mail there is no straightforward answer since there are x^n ways of configuring most modern mail servers.

> Is this the best way? Or it would be better to forget about the groups
> approach and create user flags (through attributes), like proxyAllowed
> = "Y" or "N" and emailAllowed = "Y" or "N" ?
> Or even a way to use ACLs of Openldap, allowing the reading of a
> specific field of LDAP (for example, cn=Email,dc=domain and
> cn=Proxy,dc=domain) ?

Sure, attributes can be locked by group membership, connection origin (hostname), etc...

> Well, sorry about the big mail, and I'm taking any suggestions!!!!!!!
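The per-service group check discussed in this thread, as an added example that is not part of the original messages or of any project's code. It shows the base-scope membership query a service would issue against its own group entry, with the login name escaped for both the DN and the filter. The group DNs come from the thread; `ou=People`, the uids, the `groupOfNames`/`member` schema and the in-memory directory are assumptions.

```python
# Added example with constructed data. Group DNs come from the thread;
# ou=People, the uids and the groupOfNames/member schema are assumptions.
GROUPS = {
    "cn=Proxy,dc=domain": {"uid=alice,ou=People,dc=domain"},
    "cn=Email,dc=domain": {"uid=alice,ou=People,dc=domain",
                           "uid=bob,ou=People,dc=domain"},
}
SERVICE_GROUP = {"proxy": "cn=Proxy,dc=domain", "email": "cn=Email,dc=domain"}


def escape_rdn(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def escape_filter(value):
    """Escape a value for use in a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def user_dn(uid):
    """DN of the user entry; the login name is never pasted in unescaped."""
    return "uid=%s,ou=People,dc=domain" % escape_rdn(uid)


def membership_query(service, uid):
    """Base DN and filter for a base-scope search: one hit means 'member'."""
    base = SERVICE_GROUP[service]
    flt = "(&(objectClass=groupOfNames)(member=%s))" % escape_filter(user_dn(uid))
    return base, flt


def authorized(service, uid):
    """Stand-in for running membership_query against the directory."""
    return user_dn(uid) in GROUPS[SERVICE_GROUP[service]]


if __name__ == "__main__":
    for svc, uid in [("proxy", "alice"), ("proxy", "bob"),
                     ("email", "bob"), ("proxy", "*")]:
        print(svc, uid, authorized(svc, uid), membership_query(svc, uid)[1])
```

Because each service searches only its own group entry, a login name of `*` becomes the literal `\2a` in the filter and matches nobody.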