On 12/11/2012 11:11 AM, Guido Winkelmann wrote: > Hi, > > I'm trying to integrate Jabberd2 into my single-account scheme using LDAP, > and > I'm running into problems with that. > > One of my requirements for this is that I need to be able to specify for > every > user exactly which services he or she is allowed to access, so that, for > example, a user who only needs access to SMTP and IMAP services is not also > automatically able to login via SSH or FTP. For the services I have running > so > far, I was able to implement this by creating a new LDAP group (with > objectClass: groupOfNames) for each service and having every service check > whether a freshly authenticated user is a member of the respective group for > this service before granting access. > > Unfortunately, jabberd2 does not appear to support this (or PAM, which would > have provided a nice workaround). > > Does anyone know of any other way to achieve this?
I use pam with jabberd2: http://www.jabberdoc.org/section04_6.html And in pam I require a specific group, and I'm using LDAP as the account backend. Works like a charm. Eric.
