[Date Prev][Date Next]
Re: separate login/password for several services?
Andrew Findlay <firstname.lastname@example.org> wrote:
> You would end up creating two new attributes for each service type,
> and OpenLDAP would still not check the passwords for you in a useful way.
> Better method: Create a sub-entry below the user entry for each service.
> The service-specific entry can use the standard 'uid' and 'userPassword'
> attributes, and you just need to make sure that each service includes the
> authorizedService attribute when searching for the entry to authenticate.
is there way to avoid target service uid clashing in this case?
lets say I have two users with name John and I need to give each one
acces to some service, but both of them wish the service uid=john (for
example, it is common issue for MTA serving different mail domains with
different user space for each one)
so what is needed to provide uniqueness of attribute `uid' for each
is it possible to do that inside OpenLDAP or have it to be performed via
something like analyzing the output of
ldapsearch ... "(&(uid=target-user)(authorizedService=target-service))" dn
Zeus V. Panchenko jid:email@example.com
IT Dpt., I.B.S. LLC GMT+2 (EET)