[Date Prev][Date Next]
Re: (ITS#6250) Password modify ext.op. - automagically add simpleSecurityObject
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6250) Password modify ext.op. - automagically add simpleSecurityObject
- From: email@example.com
- Date: Tue, 11 Aug 2009 20:19:14 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
> Howard Chu wrote:
>> Michael Ströder wrote:
>>> Let's assume the policy for a deployment is that password changes MUST be
>>> applied by using password modify ext. op. (e.g. because smbk5pwd is
>>> used or
>>> similar) and you want to use object class 'account' for user entries. How
>>> could the attribute 'userPassword' be added to the user entry then?
>>> It's kind
>>> of a dead-lock situation.
>> Then you made a mistake in your data design.
> Nope. Since with a modify request I can achieve the goal by adding object
> class 'simpleSecurityObject'. IMO password modify ext.op. should result in
> userPassword being added. One could view it as a hen-and-egg problem because
> 'simpleSecurityObject' is mandating 'userPassword'.
I agree with Hallvard that this should be made configurable. So the admin
could specify whether and which AUXILIARY object class is added.