
Re: separate login/password for several services?



On Fri, Sep 27, 2013 at 02:25:24PM +0300, Zeus Panchenko wrote:

> do I have to create a dedicated object like:
> dn: authorizedService=YYY,uid=AAA,dc=ZZZ
> 
> before configuring the service for the user like:
> dn: uid=XXX,authorizedService=YYY,uid=AAA,dc=ZZZ
> 
> or the second one will be enough?

You have to create the branch points before you can add entries under
them. That is why I suggested the alternative where both the service
name and the uid are part of the RDN: such multi-valued RDNs are
unusual, but it might be a convenient structure in this case.

> as for the different classes ... I was trying to find it but faced the
> problem when the parent record, which contains 
> objectclass: posixAccount
> objectclass: inetOrgPerson
> objectclass: organizationalPerson
> objectclass: person
> objectclass: inetLocalMailRecipient
> 
> was refusing the child creation until the child belongs to that set of
> classes :(

There must have been some other reason for the error. LDAP servers do
not normally restrict what type of entry you can create at a given
point in the DIT. The ACLs in force might restrict what you can do,
but you have control over those.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
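
The rule in the reply above (a branch point must exist before an entry can be added beneath it), as an added example that is not part of the original message: a small pure-Python planner that compares the nested layout from the question with a multi-valued RDN. The DN spelling `uid=XXX+authorizedService=YYY,uid=AAA,dc=ZZZ`, the function names and the sample directory contents are assumptions made for the illustration.

```python
# Added example (not from the thread): order LDAP adds parents-first and
# report branch points that must be created before their children.

def split_unescaped(s, sep):
    """Split s on sep, leaving backslash-escaped characters untouched."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]          # keep the escape pair together
            i += 2
            continue
        if s[i] == sep:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += s[i]
        i += 1
    parts.append(cur.strip())
    return parts

def parse_dn(dn):
    """Tuple of RDNs, leaf first. Each RDN is a frozenset of AVAs so the
    parts of a multi-valued RDN ('+') compare equal in any order.
    Simplification: everything is lower-cased (case-ignore matching)."""
    return tuple(frozenset(a.lower() for a in split_unescaped(r, "+"))
                 for r in split_unescaped(dn, ","))

def plan_adds(existing, wanted):
    """Return (ordered, missing): wanted DNs sorted so shallower entries
    come first, and parent DNs found neither in existing nor in wanted."""
    known = {parse_dn(d) for d in existing} | {parse_dn(d) for d in wanted}
    ordered = sorted(wanted, key=lambda d: len(parse_dn(d)))
    missing = []
    for dn in ordered:
        parent = ",".join(split_unescaped(dn, ",")[1:])
        if parent and parse_dn(parent) not in known and parent not in missing:
            missing.append(parent)
    return ordered, missing

# Constructed sample data using the placeholder names from the thread.
EXISTING = ["dc=ZZZ", "uid=AAA,dc=ZZZ"]
NESTED = ["uid=XXX,authorizedService=YYY,uid=AAA,dc=ZZZ"]
MULTI = ["uid=XXX+authorizedService=YYY,uid=AAA,dc=ZZZ"]  # assumed spelling

if __name__ == "__main__":
    for name, dns in (("nested", NESTED), ("multi-valued RDN", MULTI)):
        ordered, missing = plan_adds(EXISTING, dns)
        print(name, "-> add first:", missing or "nothing", "| then:", ordered)
```

Only the immediate parent of each planned entry is checked, so a deeper gap shows up once the reported branch point is added to the plan and the check is run again.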