Re: separate login/password for several services?
Andrew Findlay <andrew.findlay@skills-1st.co.uk> wrote:
> > now I can ldapadd these ldif-s successfully
> > ---[ ldif ]------------------------------------------------------------
> > dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
> > authorizedService: xmpp.org
> > ...
> > uid: john
> >
> > dn: authorizedService=xmpp.org,uid=jsmith,ou=People,dc=org
> > authorizedService: xmpp.org
> > ...
> > uid: john
> > ---[ ldif ]------------------------------------------------------------
>
> Both those entries have one uid in the entry and a different one in
> the DN. The one in the DN refers to the parent entry in each case so
> it is legal but maybe not what you want.
no, it is, indeed
I dedicate these DN-s for services, so each such DN *can and is supposed to*
use any (in theory) uid in the entry that the user can ask for
in particular, I do not see another way to authenticate users of
different domains (for email)/realms (for xmpp) against the same LDAP DB
>
> It may be enough for you to simply prevent the non-uniqueness. You can
> do that using the 'unique' overlay:
>
mmm ... won't it prevent non-uniqueness only for parent DN-s? while
what I'm trying to ask about (I'm sorry for the muddled explanation of what I mean)
is uniqueness for the uid *in* the entry ... so, the uniqueness
of the attribute `uid' among all DN-s containing authorizedService=target-service
something like:
dn: authorizedService=target-service,uid=target-service_ALLOWED-USER,ou=People,dc=org
authorizedService: target-service
uid: UNIQUE-AMONG-ALL_target-service_USERS-VALUE
--
Zeus V. Panchenko jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)
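
Added example, not part of the original messages: the `unique` overlay takes an LDAP URI whose filter component limits which entries are compared, so uniqueness of `uid` can be scoped to the entries of one service. The database DN `olcDatabase={1}mdb`, the module name and the second service `smtp.example` are assumptions for illustration.

```ldif
# Load the overlay if slapd was built with it as a module
# (assumption: module entry is cn=module{0},cn=config).
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: unique

# Attach the overlay to the database holding ou=People,dc=org
# (assumption: that database is olcDatabase={1}mdb).
dn: olcOverlay=unique,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: unique
# Each olcUniqueURI value is an independent uniqueness domain.
# Domain 1: uid must be unique among entries matching
# (authorizedService=xmpp.org) anywhere below ou=People,dc=org.
# The parent entries (uid=jdoe, uid=jsmith) carry no authorizedService
# value, so they do not match the filter.
olcUniqueURI: ldap:///ou=People,dc=org?uid?sub?(authorizedService=xmpp.org)
# Domain 2: same rule for a second, constructed service name. A uid used
# under xmpp.org may be reused here because the domains are separate.
olcUniqueURI: ldap:///ou=People,dc=org?uid?sub?(authorizedService=smtp.example)
```

With this in place, the second entry of the quoted LDIF (`uid: john` under `authorizedService=xmpp.org,uid=jsmith,...`) is refused with a constraint violation once the first one exists. The overlay checks add, modify and modrdn operations only, so duplicates already in the directory are not reported when it is enabled.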