[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: separate login/password for several services?
On Fri, Sep 27, 2013 at 10:16:43PM +0200, Michael Ströder wrote:
> Did not follow this thread closely. But one should be aware of ITS#6825 when
> planning to use slapo-unique for a more complex setup.
>
> unique_uri filter reaching beyond its intended target
> http://www.openldap.org/its/index.cgi?findid=6825
Good point. We started with these ACLs:
> > overlay unique
> > unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=SMTP)
> > unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=IMAP)
> > unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=POP3)
> > unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=XMPP)
> > unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=SSH)
so that bug will prevent modifications to the authority entries even though adds
will be processed OK. I cannot think of an easy workaround in this case :-(
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------