Re: schema design and schema restrictions
On Wednesday 26 November 2008 17:03:55 Mansour Al Akeel wrote:
> Michael Ströder wrote:
> > Mansour Al Akeel wrote:
> >> Hello all,
> >> I am new to LDAP, and I have a need to migrate the existing system to
> >> LDAP as this will ease a bit the management for the new system
> >> implementation. I need to authenticate users for a web site, and for
> >> the internal system (Linux, Windows stations, etc.). Now the
> >> available account objectclass is structural so I cannot use
> >> inetorgperson with account as both are structural. In this case I
> >> decided to extend inetOrgPerson, and add username and password as
> >> MUST attributes. This is because all the users have access to the web
> >> site and they need authentication, but some users will need to have
> >> access to the machines. In this case I will create a new objectClass
> >> (i.e. accountInfo) which contains the info I need (home directory,
> >> shell, loginScript, etc.).
> > I'd recommend to use inetOrgPerson together with posixAccount for the
> > users which need shell access.
> > Ciao, Michael.
> Thank you Michael, but posixAccount doesn't require the password, which
> makes it not suitable for authentication.
But, inetOrgPerson (as it inherits from person) allows userPassword, so this
You only need account (or hostObject) if you want the host attribute.
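
The structural/auxiliary point discussed in this thread, as an added example that is not part of the original messages: a small validator over a simplified schema model showing why inetOrgPerson plus posixAccount is accepted while inetOrgPerson plus account is not. The abbreviated MAY lists, the sample entries and the `require_password` flag (an assumed provisioning policy, since the schema only lists userPassword as MAY) are constructed for illustration.

```python
# Simplified model of the object classes named in the thread (MAY lists abbreviated).
# Each value is (kind, superclass, MUST, MAY), per RFC 4519, 2798, 2307 and 4524.
SCHEMA = {
    "top": ("abstract", None, {"objectClass"}, set()),
    "person": ("structural", "top", {"sn", "cn"}, {"userPassword", "description"}),
    "organizationalPerson": ("structural", "person", set(), {"title", "ou"}),
    "inetOrgPerson": ("structural", "organizationalPerson", set(), {"uid", "mail"}),
    "posixAccount": ("auxiliary", "top",
                     {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
                     {"userPassword", "loginShell", "gecos"}),
    "account": ("structural", "top", {"uid"}, {"host", "description"}),
}

def chain(oc):
    """Return oc followed by all of its superclasses."""
    out = []
    while oc:
        out.append(oc)
        oc = SCHEMA[oc][1]
    return out

def validate(entry, require_password=False):
    """Return a list of problems for an entry given as {attribute: [values]}."""
    problems = []
    classes = entry.get("objectClass", [])
    structural = [c for c in classes if SCHEMA[c][0] == "structural"]
    if not structural:
        problems.append("no structural object class")
    else:
        # Every structural class must sit on one inheritance chain.
        leaf = max(structural, key=lambda c: len(chain(c)))
        problems += [f"{c} and {leaf} are both structural but unrelated"
                     for c in structural if c not in chain(leaf)]
    effective = {s for c in classes for s in chain(c)}
    must = set().union(*(SCHEMA[c][2] for c in effective))
    may = set().union(*(SCHEMA[c][3] for c in effective))
    problems += [f"missing MUST attribute {a}" for a in sorted(must - set(entry))]
    problems += [f"attribute {a} not allowed" for a in sorted(set(entry) - must - may)]
    # Assumed site policy, not a schema rule: userPassword is only MAY in the schema.
    if require_password and "userPassword" not in entry:
        problems.append("policy: userPassword missing")
    return problems

# Constructed sample entries.
SHELL_USER = {"objectClass": ["inetOrgPerson", "posixAccount"], "cn": ["Jane Doe"],
              "sn": ["Doe"], "uid": ["jdoe"], "uidNumber": ["10001"],
              "gidNumber": ["10001"], "homeDirectory": ["/home/jdoe"],
              "userPassword": ["{SSHA}constructed-placeholder"]}
TWO_STRUCTURAL = {"objectClass": ["inetOrgPerson", "account"], "cn": ["Jane Doe"],
                  "sn": ["Doe"], "uid": ["jdoe"]}
NO_PASSWORD = {"objectClass": ["inetOrgPerson"], "cn": ["Web User"], "sn": ["User"]}
```
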