[Date Prev][Date Next]
schema design and schema restrictions
I an new to LDAP, and I have a need to migrate the existing system to
ldap as this will ease a bit the management for the new system
implementation. I need to authenticate users for a web site, and for the
internal system ( linux, windows stations .... etc). Now the available
account objectclass is structural so I can not user inetorgperson with
account as both are structural. In this case I decided to extend
inetOrgPerson, and add username and password as a MUST attributes. This
is because all the users have access to the web site and they need
authentication, but some users will need to have access to the machines.
In this case I will create a new objectClass (ie. accountInfo) which
containts the info I need (home directory, shell, loginScript, .... etc).
The issue here is how do I restrict the accountInfo to be added under
User ? This is in fact not only specific to this senario. I couldn't
find any docs about how to prevent objectClass domain to be added under
Finally, how do other ldap admin deal with similar cases ? Any advice ?