[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: schema design and schema restrictions

Buchan Milne wrote:
On Wednesday 26 November 2008 17:03:55 Mansour Al Akeel wrote:
Michael Ströder wrote:
Mansour Al Akeel wrote:
Hello all,
I an new to LDAP, and I have a need to migrate the existing system to
ldap as this will ease a bit the management for the new system
implementation. I need to authenticate users for a web site, and for
the internal system ( linux, windows stations .... etc). Now the
available account objectclass is structural so I can not user
inetorgperson with account as both are structural. In this case I
decided to extend inetOrgPerson, and add username and password as a
MUST attributes. This is because all the users have access to the web
site and they need authentication, but some users will need to have
access to the machines. In this case I will create a new objectClass
(ie. accountInfo) which containts the info I need (home directory,
shell, loginScript, .... etc).
I'd recommend to use inetOrgPerson together with posixAccount for the
users which need shell access.

Ciao, Michael.
Thank you Michael, but posixAccount doesn't require the password, which
makes it not suitable for authentication.

But, inetOrgPerson (as it inherits from person) allows userPassword, so this is irrelevant.

True, but it's not required (MUST). the password is optional (MAY). I will consider extending inetOrgPerson and make the password MUST.
You only need account (or hostObject) if you want the host attribute.

I couldn't find objectClass: hostObject any where. What do you mean by host attribute? I am going to need additional AUX objectClass for the home directory, login scripts, .... etc. AFAIK account is structural and not to be combined with inetOrgPerson.