[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: separate login/password for several services?

To: "Andrew Findlay" <andrew.findlay@skills-1st.co.uk>
Subject: Re: separate login/password for several services?
From: Zeus Panchenko <zeus@ibs.dn.ua>
Date: Fri, 09 Aug 2013 22:36:00 +0300
Cc: openldap-technical@openldap.org
In-reply-to: Your message of Fri, 9 Aug 2013 17:13:28 +0100 <20130809161328.GI4406@slab.skills-1st.co.uk>
Organization: I.B.S. LLC
References: <20130809180546.9337@relay.ibs.dn.ua> <20130809175357.7824@relay.ibs.dn.ua> <20130809161328.GI4406@slab.skills-1st.co.uk>

Andrew Findlay <andrew.findlay@skills-1st.co.uk> wrote:
> Do you reall want every user account on every service to have a
> different username? 

to be honest, I do not want, but in practice when I need to land some
mail domain with whole it's users at my MTA, I need to decide what
to do with widely used mailboxes like admin, info, abuse etc

> (i.e. the user cannot request to be known as
> 'fred' on both the SMTP service and the IMAP service?

technically I do can provide that but it is head ache of course and what
I meant is difference in more "other" protocols like smtp/pop3/imap4 -
xmpp - rdp - ftp - ssh - whatever else

> are serving.  If the same network address is used to serve all domains
> then you do indeed require the uids to be unique across domains (but
> you probably do want to let fred@x.y.com use that ID for all
> services).

yes, I do

> > mmm ... will not it prevent non-uniqueness only for parent DN-s? while
> > what I'm trying to ask (I'm sorry for muddled up explanation what I mean)
> > about is - uniqueness for the uid *in* the entry ... so, the uniqueness
> > of the attribute `uid' among all DN-s containing authorizedService=target-service
> 
> You could do that if you are prepared to have one config line for each
> service. Something like:
> 
> overlay unique
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=SMTP)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=IMAP)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=POP3)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=XMPP)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=SSH)

wow, great!  since the number of the services I provide is limited, it is
not the problem to set all of them in slapd.conf

thank you much!

and finally, is it OK (strategically) that object person becomes the
branch rather than leaf in such configuration?

-- 
Zeus V. Panchenko				jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)

References:
- Re: separate login/password for several services?
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

Prev by Date: Re: RE24 testing call (OpenLDAP 2.4.36)
Next by Date: Re: Schema Replication and data replication.
Index(es):
- Chronological
- Thread