local/global userPassword
Hi,
I have a few seemingly related questions:
- how can I have identical userPasswords on different DNs?
- how do I transparently realize a kind of subset structure for
user profiles?
Background Information:
I'm deploying OpenLDAP in an environment where one user can have
several home directories on different machines.
We want to have a global user profile with a mail address as DN:
mail=<user@domain>,ou=people,o=<org>
which stores inetOrgPerson information and holds a default userPassword.
We also need local profiles for every account with the DN
uid=<user>,ou=<domain>,o=<org>
which stores uid etc.
What we also want to do is:
use pam_ldap which searches for uid=<user> under DN: ou=<domain>,o=<org>
Now, pam will not find a userPassword there. Problem.
Is it possible to get the server to chase a kind of symbolic link to
the userPassword attribute of the global profile here?
(optimal would be if it does this only if there's no local userPassword)
I can't figure out how to implement this using referrals or aliases
(btw. are aliases automatically chased down by OpenLDAP? What are they
good for?), what I would like to have is a symbolic link which the
server automatically replaces by the attribute/value pair pointed to.
Or a kind of subset mechanism, where the local entry inherits the attributes
of another.
The only way I can imagine this would be to modify pam_ldap to chase
down "seeAlso" attributes.
Thanks for your ideas
Arvid Requate
--
"You might write faster code in C, but you'll write code faster in Perl"