Rakesh Rajasekharan wrote: >> What exactly does that mean in your context? > In my set up when I provide access to a user, he gets access to all the > servers managed by our ldap which is not at all what we would like to give. > > So, this way I am trying to further enforce which user would have access to > what . > I will write few scripts to automate the process. > > Is there a better approach to this. There are better approaches. But of course your mileage may vary. But you should use object class 'account' as a base for your user account entries, not 'hostObject'. >> You can do that but why? Which LDAP client does expect the hosts to be in >> e.g. a space separated list. > The only issue I see here is when i do a "ldapseacrch -x" it would run into > many lines . > Was trying to just limit that. You should not care about whether the LDIF output gets lengthy. You have to take care that you have a clean data model. Space/comma/whatever-separated values suck. Ciao, Michael.
Description: S/MIME Cryptographic Signature