[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: schema design and schema restrictions

Mansour Al Akeel wrote:
Buchan Milne wrote:
On Wednesday 26 November 2008 17:03:55 Mansour Al Akeel wrote:
Michael Ströder wrote:
I'd recommend to use inetOrgPerson together with posixAccount for the
users which need shell access.
Thank you Michael, but posixAccount doesn't require the password, which
makes it not suitable for authentication.

But, inetOrgPerson (as it inherits from person) allows userPassword, so this is irrelevant.

True, but it's not required (MUST). the password is optional (MAY). I will consider extending inetOrgPerson and make the password MUST.

You can do so but the question is whether this makes sense. During user registration process you might create the user's entry but the user account is still not activated with a password yet. Depending on your processes setting userPassword to MUST can be an obstacle you have to work around.

Your mileage may vary.

Ciao, Michael.