[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: objectClass for bindDN

Dave Horsfall writes:
> What sort of objectClass do people generally use for the bindDN?
> We're using extensibleObject (set up by my predecessor)

I've used organizationalRole + simpleSecurityObject (for "Manager"),
person (for a personal name) or account + simpleSecurityObject (for a
username).  The simpleSecurityObject and person object classes allow the
userPassword attribute.

Or I've just used rootdn and rootpw in slapd.conf, with no corresponding
entry in the directory.

> and I'm seeing obscure problems such as the userPassword attribute not
> being copied during a sync (not a replication).

There have been problems with extensibleObject until recently (OpenLDAP
2.1.10 or something), but I can't imagine how that one would happen.
Still, it might help to upgrade to the latest release.