[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6250) Password modify ext.op. - automagically add simpleSecurityObject



michael@stroeder.com wrote:
> Howard Chu wrote:
>> Michael Ströder wrote:
>>> Let's assume the policy for a deployment is that password changes MUST be
>>> applied by using password modify ext. op. (e.g. because smbk5pwd is
>>> used or
>>> similar) and you want to use object class 'account' for user entries. How
>>> could the attribute 'userPassword' be added to the user entry then?
>>> It's kind
>>> of a dead-lock situation.
>> Then you made a mistake in your data design.
> 
> Nope. Since with a modify request I can achieve the goal by adding object
> class 'simpleSecurityObject'. IMO password modify ext.op. should result in
> userPassword being added. One could view it as a hen-and-egg problem because
> 'simpleSecurityObject' is mandating 'userPassword'.

I agree with Hallvard that this should be made configurable. So the admin
could specify whether and which AUXILIARY object class is added.

Ciao, Michael.