Re: separate login/password for several services?
Andrew Findlay <andrew.findlay@skills-1st.co.uk> wrote:
> That can be done - it is just a matter of choosing a naming structure
> that allows it.
that's simple but was not obvious to me :(
> That one won't work, as there is no way to link the individual uid and
> userPassword values. You need one LDAP entry per uid so either add
> another layer to the tree
> dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
> authorizedService: xmpp.org
> ....
>
> dn: uid=john,authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
> authorizedService: xmpp.org
> uid: john
> userPassword: qwerty
> ....
I like it, thanks much
do I have to create a dedicated object like:
dn: authorizedService=YYY,uid=AAA,dc=ZZZ
before configuring the service for the user like:
dn: uid=XXX,authorizedService=YYY,uid=AAA,dc=ZZZ
or the second one will be enough?
> Incidentally, you seem to be misusing some fields in the person
> object:
>
> > cn: john.doe@xmpp.org
> > sn: xmpp.org
>
> If you really don't want to put the real name there you should choose
> a different objectclass that does not force you to fill in those
> attributes.
it is not to say I do not want to put it, but rather I want to have such a
possibility in case it could be demanded in the future
as for the different classes ... I was trying to find it but faced the
problem when the parent record, which contains
objectclass: posixAccount
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: inetLocalMailRecipient
was refusing the child creation until the child belongs to that set of
classes :(
--
Zeus V. Panchenko jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)
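
Added example, not part of the original message: an LDAP server rejects an add whose parent entry does not exist (result code noSuchObject), so with the two-level naming quoted above the authorizedService entry has to be in place before the uid entry beneath it. The check below walks an LDIF and reports entries that would fail for that reason; the function names and sample LDIF are constructed for illustration, and it assumes uid=jdoe,ou=People,dc=org already exists.

```python
import re

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas, normalised for comparison.
    Simplification: does not handle an escaped backslash right before a comma."""
    return [rdn.strip().lower() for rdn in re.split(r'(?<!\\),', dn)]

def normalise(dn):
    return ",".join(split_dn(dn))

def parent_dn(dn):
    """Normalised DN of the immediate parent (everything after the first RDN)."""
    return ",".join(split_dn(dn)[1:])

def ldif_dns(ldif_text):
    """Yield entry DNs from a simple LDIF (no base64 'dn::' or folded lines)."""
    for line in ldif_text.splitlines():
        low = line.lower()
        if low.startswith("dn:") and not low.startswith("dn::"):
            yield line[3:].strip()

def check_add_order(ldif_text, existing):
    """Return DNs whose parent is neither already in the directory nor added
    earlier in the same LDIF. Children of a failed entry are reported too."""
    known = {normalise(dn) for dn in existing}
    orphans = []
    for dn in ldif_dns(ldif_text):
        if parent_dn(dn) in known:
            known.add(normalise(dn))
        else:
            orphans.append(dn)
    return orphans

# Constructed sample data using the DNs from the thread.
EXISTING = ["uid=jdoe,ou=People,dc=org"]
SERVICE = "dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org\n" \
          "authorizedService: xmpp.org\n\n"
ACCOUNT = "dn: uid=john,authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org\n" \
          "authorizedService: xmpp.org\nuid: john\n\n"

if __name__ == "__main__":
    print("account only :", check_add_order(ACCOUNT, EXISTING))
    print("service first:", check_add_order(SERVICE + ACCOUNT, EXISTING))
    print("account first:", check_add_order(ACCOUNT + SERVICE, EXISTING))
```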