This OID is used to describe an LDAP Schema, named DUP schema, which adds attributes for regulating access to Dialup Accounts to LDAP Objects.
It depends on the core schema and on the cosine schema, and is used with objects of the posixAccount class.
We have used it in conjunction with the qmail-ldap schema, to restrict dialup-account access via PAM modules, defining the number of simultaneos logins (limits.conf) and the time a user is allowed to connect (time.conf).
- The [attachment:dup.schema DUP schema] (?DialUpPolicy) defines:
- objectclass:
- dupAccount
- attributetype:
-
dupMaxLogins
* an integer specifying how much simultaneos logins are allowed. If not existent, no restriction applies. If 0, there should also be no restriction on the number of logins. Do not use this attribute to block an account, use dupAccountStatus instead. We use a script to generate
/etc/security/limits.conffrom this attribute. The PAM Module pamlimits_ makes use of this configuration file. - attributetype:
-
dupLoginTimeSpec
* This attribute can be specified multiply, and contains time specifications as required by the pamtime_ module. This specifications should be tied together with the or (|) operator. We use a script to generate
/etc/security/time.conffrom this attribute. - attributetype:
- dupAccountStatus * This attribute is string, describing the accounts status, actual (proposed) values are: active, disabled, restricted, localonly We do not actually use this field.