
local/global userPassword


I have a few seemingly related questions:
- how can I have identical userPasswords on different DNs
- how do I transparently realize a kind of subset structure for

Background Information:

I'm deploying OpenLDAP in an environment where one user can have
several home directories on different machines.

We want to have a global user profile with a mail address as DN:
which stores inetOrgPerson information and holds a default userPassword.

We also need local profiles for every account with the DN
which stores uid etc.

What we also want to do is:
use pam_ldap which searches for uid=<user> under DN: ou=<domain>,o=<org>

Now, pam will not find a userPassword there. Problem.
Is it possible to get the server to chase a kind of symbolic link to
the userPassword attribute of the global profile here?
(optimal would be if it does this only if there's no local userPassword)
I can't figure out how to implement this using referrals or aliases
(btw. are aliases automatically chased down by OpenLDAP? what are they
 good for?), what I would like to have is a symbolic link which the
 server automatically replaces by the attribute/value pair pointed to.

Or a kind of subset mechanism, where the local entry inherits the attributes
of another.

The only way I can imagine this would be to modify pam_ldap to chase
down "seeAlso" attributes.

Thanks for your ideas
	Arvid Requate
"You might write faster code in C, but you'll write code faster in Perl"