[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Multiple suffix definitions

Jonathan Mangin wrote:

Hi all,
I've just begun trying to migrate webapp authentication
from sql to LDAP, and have some basic questions.

With this objectclass:

objectclass (myObjectClass:5
  NAME 'accountXtras'
  SUP top
  AUXILIARY
  MUST (userPassword)
  MAY (userLevel $ organizationID))

is this how I can include the extra attributes?

dn: uid=aaaaaa, st=Indiana, c=US
objectclass: top
objectclass: account
objectclass: accountXtras  #????
uid: aaaaaa
userPassword: aaaaaa
userLevel: 2
organizationID: IN1


Yes.

Also...
The docs say I can have multiple suffix lines. I tried:

suffix          "dc=test,dc=com"
suffix          "c=US"
rootdn          "cn=Manager,dc=test,dc=com"

I have only a vague idea of why I want to do this, but slapd
won't start with two suffix lines of any kind. How can I
make this work?

If you have only a vague idea here, you should avoid it. In fact the current revisions of back-bdb disallow this by default. (You can change a #define at compile time if you really want it, but search performance will decrease.) Other backends probably still support multiple suffixes, but really, there is no good reason to do it.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support