
Re: separate login/password for several services?



Andrew Findlay <andrew.findlay@skills-1st.co.uk> wrote:
> ...
> You would end up creating two new attributes for each service type,
> and OpenLDAP would still not check the passwords for you in a useful way.
> 
> Better method: Create a sub-entry below the user entry for each service.
> The service-specific entry can use the standard 'uid' and 'userPassword'
> attributes, and you just need to make sure that each service includes the
> authorizedService attribute when searching for the entry to authenticate.
> ...

Is there a way to avoid target service uid clashing in this case?

Let's say I have two users named John and I need to give each one
access to some service, but both of them want the service uid=john (for
example, it is a common issue for an MTA serving different mail domains with
a different user space for each one).

So what is needed is to provide uniqueness of the attribute `uid' for each

dn: authorizedService=target-service,uid=target-user,ou=People,dc=org


Is it possible to do that inside OpenLDAP, or does it have to be performed via
something like analyzing the output of

ldapsearch ... "(&(uid=target-user)(authorizedService=target-service))" dn 

-- 
Zeus V. Panchenko				jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)
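
The client-side check asked about above, as an added example that is not part of the original message or of OpenLDAP: it parses LDIF as returned by `ldapsearch -LLL` and reports every (authorizedService, uid) pair claimed by more than one sub-entry. It assumes the service login is stored in the sub-entry's own `uid` attribute, as the quoted suggestion describes; the sample entries and function names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample (hypothetical entries): output of a search such as
#   ldapsearch -LLL ... "(authorizedService=*)" uid authorizedService
# It includes a folded DN and a base64-encoded DN, both legal in LDIF.
SAMPLE_LDIF = """\
dn: authorizedService=mail,uid=john.smith,ou=People,dc=org
uid: john
authorizedService: mail

dn: authorizedService=mail,uid=john.doe,ou=People,dc=org
uid: John
authorizedService: mail

dn: authorizedService=xmpp,uid=john.doe,ou=People,
 dc=org
uid: john
authorizedService: xmpp

""" + "dn:: " + base64.b64encode(
    b"authorizedService=mail,uid=ann,ou=People,dc=org").decode() + \
    "\nuid: ann\nauthorizedService: mail\n"

def parse_ldif(text):
    """Yield one dict of lowercased attribute name -> [values] per entry."""
    unfolded = text.replace("\n ", "")           # undo LDIF line folding
    for block in unfolded.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):             # "attr:: " marks base64
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[name.lower()].append(value.strip())
        if "dn" in entry:
            yield entry

def find_uid_clashes(ldif_text):
    """Return {(service, uid): [dns]} for pairs owned by more than one entry."""
    owners = defaultdict(list)
    for entry in parse_ldif(ldif_text):
        for service in entry.get("authorizedservice", []):
            for uid in entry.get("uid", []):
                # uid is matched case-insensitively, so compare lowercased
                owners[(service.lower(), uid.lower())].append(entry["dn"][0])
    return {key: dns for key, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for (service, uid), dns in find_uid_clashes(SAMPLE_LDIF).items():
        print(f"clash: uid={uid} for service={service}: {dns}")
```
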