[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: objectClass for bindDN

To: OpenLDAP Software List <openldap-software@OpenLDAP.org>
Subject: Re: objectClass for bindDN
From: Dave Horsfall <daveh@ci.com.au>
Date: Fri, 17 Jan 2003 09:06:22 +1100 (EST)
In-reply-to: <HBF.20030116jac1@bombur.uio.no>

On Thu, 16 Jan 2003, Hallvard B Furuseth wrote:

> > What sort of objectClass do people generally use for the bindDN?
> > We're using extensibleObject (set up by my predecessor)
>
> I've used organizationalRole + simpleSecurityObject (for "Manager"),
> person (for a personal name) or account + simpleSecurityObject (for a
> username).  The simpleSecurityObject and person object classes allow the
> userPassword attribute.

Thanks; I'll give that a whirl.  I had a look at the standard classes,
but couldn't see anything that leaped out and yelled "Use me!".  Which
is probably why my predecessor used extensibleObject :-(

> Or I've just used rootdn and rootpw in slapd.conf, with no corresponding
> entry in the directory.

I'd rather not mix the two, but yeah, that is one way.

> > and I'm seeing obscure problems such as the userPassword attribute not
> > being copied during a sync (not a replication).
>
> There have been problems with extensibleObject until recently (OpenLDAP
> 2.1.10 or something), but I can't imagine how that one would happen.
> Still, it might help to upgrade to the latest release.

First, I have to get my directory normalised :-)  I'm finding all sorts
of obscure problems when using ldaputils from fynet.com (just using
ldapsync showed me heaps of mis-matched DN/RDN attributes).

-- 
Dave Horsfall  DTM  VK2KFU  daveh@ci.com.au  Ph: +61 2 9906-7866  Fx: 9906-1556
Corinthian Engineering, Level 1, 401 Pacific Hwy, Artarmon, NSW 2064, Australia

References:
- Re: objectClass for bindDN
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: how to ldap simple bind
Next by Date: Re: how to ldap simple bind
Index(es):
- Chronological
- Thread