Hello,

My personal network is expanding from four SuSE boxes to about a dozen. I'm looking to setup an LDAP server so that I can have centralized authentication (one set of user/password information stored in one place, usable on all of the systems).

I plan on using SuSE for almost all of them, with the possibility of adding in a few BSD boxes, and possible CentOS or Solaris 10.

I found a good SuSE HOWTO on setting this up, and I understand most of it. I have one issue though, which I cannot seem to understand from the HOWTO's.

How do I specify access rights/permissions by user?

i.e. Let's say I have three systems - Saturn, Pandora, and Calypso. Saturn is the LDAP server. I create a user called joe. I want joe to have a normal user account with access to his home directory on Saturn, have full administrator access to all home directories, the /srv direcroty, and a bunch of other stuff on Pandora, and have no access at all to Calypso.

Is this possible with LDAP? How do I implement it?

If you could point me in the direction of some useful information, which doesn't assume a lot of knowledge about LDAP (this is the first time I've done anything with it) that would be great. Thanks.

How do I specify access rights/permissions by user?

You should look into Access Control Lists (ACLs). It's an expansion on the basic Linux permissions, allowing you more control over who has access to what, and to what extent.

See the SuSe System Administrators Manual in /usr/share/doc/manual, Chapter 35.