[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap linking attributes support

Andy wrote:

Currently I have a ldap directory with several branches.

----ou=Samba accounts
----ou=Website accounts
----ou=VPN accounts
----ou=Email accounts

and so on.
Every object has a userPassword field which means that if a user changes his password under one of the systems (eg. websites), the password will not change on the others. Ultimately I would like to syncronise all the passwords between all the systems.

If all these user sets are almost the same my question is why did you put them in several branches? You should rather have ou=Users and put users in Samba/Website/VPN/Email groups or given them additional attributes to filter them.

Is there anyway I can link the attribute userPassword attribute within samba schema, emailaccounts schema so on to the simple security object that resides in the ou=password.


BTW: Samba passwords are different attributes anyway.

Ciao, Michael.