On Thu, 2004-10-28 at 11:12, Ricardo Kirkner wrote:
> Hi.
>
> I am trying to create some alias objects in my LDAP server, but whenever
> I do so, I get errors.
>
> For example, if I try to insert the following record
>
> dn: uid=myuser,ou=branchB,o=myorg
> objectClass: alias
> aliasedObjectName: uid=myuser,ou=branchA,o=myorg
>
> I get an error telling me that the uid attribute is missing. If I add
> the uid attribute to the LDIF, I get an error telling me that the uid
> attribute is not allowed.
>
> I also tried to insert referrals instead of aliases, but I get the same
> results.
>
> Can anyone tell me what is going wrong? Are alias objects supported in
> OpenLDAP 2.1.x?
>
> Maybe I am taking the wrong approach. I tried to use aliases because I
> want to be able to give different permissions to the same person, based
> on different contexts (e.g. I want to allow user 1 to log in to host A
> and C, but not to B, D and E).
>
> I thought of having a branch for each host, and inserting aliases into
> this branch for the people allowed to access that host (the host would
> look up users on its branch).
>
> Is this the preferred way, or is there a better way of doing this?
>
> Thanks,
>
> ricardo

We specify an attribute (for you, maybe localHostAccess). Perhaps your user should have:

dn: uid=myuser,ou=people,o=myorg
objectClass: myLocalObjectClass
localHostAccess: hostA
localHostAccess: hostB

Then, at the host, we specify a user filter to describe who has access. For example, on hostA, you might use a filter:

"(&(objectClass=inetOrgPerson)(localHostAccess=hostA))"

This follows well with the concept of "single user, multiple roles".

-Matt

-- 
Matthew J. Smith <matt.smith@uconn.edu>
University of Connecticut ITS
PGP Key: http://web.uconn.edu/dotmatt/matt.asc
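The per-host filter in the reply above, worked through as an added example that is not part of the thread and not OpenLDAP code. It is a small evaluator for the subset of RFC 4515 filter syntax the reply uses (&, |, !, attr=value, attr=*), run against a constructed in-memory directory in which access is stored as a multi-valued attribute (the assumed name localHostAccess and object class myLocalObjectClass from the reply) instead of as alias objects. It also escapes the host name before building the filter, so a value containing filter metacharacters cannot widen the match; the directory entries, uids and host names are all constructed for the example.

```python
"""Evaluate a host-side LDAP user filter against in-memory entries (added example)."""
import re
from typing import Any, Dict, List, Tuple

Entry = Dict[str, List[str]]   # attribute type -> values (multi-valued, as in LDAP)
Node = Tuple[Any, ...]         # parsed filter node

_ESCAPE = re.compile(r"[\\*()\x00]")
_UNESCAPE = re.compile(r"\\([0-9A-Fa-f]{2})")


def escape_value(value: str) -> str:
    """RFC 4515 escaping for an assertion value embedded in a filter string."""
    return _ESCAPE.sub(lambda m: "\\%02x" % ord(m.group(0)), value)


def parse_filter(text: str) -> Node:
    """Parse the subset of RFC 4515 used here: &, |, !, attr=value and attr=* (presence)."""
    pos = 0

    def expect(ch: str) -> None:
        nonlocal pos
        if pos >= len(text) or text[pos] != ch:
            raise ValueError(f"expected {ch!r} at offset {pos} in {text!r}")
        pos += 1

    def parse() -> Node:
        nonlocal pos
        expect("(")
        op = text[pos] if pos < len(text) else ""
        if op in ("&", "|"):
            pos += 1
            children = []
            while pos < len(text) and text[pos] == "(":
                children.append(parse())
            expect(")")
            return (op, children)
        if op == "!":
            pos += 1
            child = parse()
            expect(")")
            return ("!", child)
        end = text.find(")", pos)
        if end < 0:
            raise ValueError("unterminated filter item")
        attr, sep, value = text[pos:end].partition("=")
        if not sep or not attr:
            raise ValueError(f"bad filter item {text[pos:end]!r}")
        pos = end + 1
        if value == "*":                      # presence test, checked before unescaping
            return ("present", attr.strip())
        value = _UNESCAPE.sub(lambda m: chr(int(m.group(1), 16)), value)
        return ("=", attr.strip(), value)

    node = parse()
    if pos != len(text):
        raise ValueError(f"trailing data after filter: {text[pos:]!r}")
    return node


def _values(entry: Entry, attr: str) -> List[str]:
    # Attribute type names are case-insensitive in LDAP.
    for name, values in entry.items():
        if name.lower() == attr.lower():
            return values
    return []


def matches(node: Node, entry: Entry) -> bool:
    """Evaluate a parsed filter against one entry."""
    op = node[0]
    if op == "&":
        return all(matches(c, entry) for c in node[1])
    if op == "|":
        return any(matches(c, entry) for c in node[1])
    if op == "!":
        return not matches(node[1], entry)
    if op == "present":
        return bool(_values(entry, node[1]))
    # Compared as with caseIgnoreMatch; a real server applies the equality
    # matching rule of each attribute's syntax, so this is a simplification.
    wanted = node[2].lower()
    return any(v.lower() == wanted for v in _values(entry, node[1]))


# Constructed directory: who may log in where is a per-user attribute, not an alias tree.
DIRECTORY: List[Entry] = [
    {"uid": ["myuser"], "objectClass": ["inetOrgPerson", "myLocalObjectClass"],
     "localHostAccess": ["hostA", "hostC"]},
    {"uid": ["alice"], "objectClass": ["inetOrgPerson", "myLocalObjectClass"],
     "localHostAccess": ["hostB", "hostC"]},
    {"uid": ["svc-backup"], "objectClass": ["inetOrgPerson", "myLocalObjectClass"],
     "localHostAccess": ["hostA", "hostB", "hostC", "hostD", "hostE"]},
    {"uid": ["bob"], "objectClass": ["inetOrgPerson", "myLocalObjectClass"]},
    {"uid": ["printer1"], "objectClass": ["device"], "localHostAccess": ["hostA"]},
]


def host_filter(host: str) -> str:
    """The reply's per-host user filter, with the host name escaped as an assertion value."""
    return f"(&(objectClass=inetOrgPerson)(localHostAccess={escape_value(host)}))"


def users_for_host(directory: List[Entry], host: str) -> List[str]:
    """uids an LDAP client on `host` would accept as local users."""
    node = parse_filter(host_filter(host))
    return sorted(e["uid"][0] for e in directory if matches(node, e))


if __name__ == "__main__":
    for host in ("hostA", "hostB", "hostE"):
        print(host, users_for_host(DIRECTORY, host))
```

Because the objectClass term is part of the filter, the device entry with localHostAccess=hostA is not treated as a login account, and a user without the attribute at all (bob) matches nowhere; revoking access is a single attribute value deletion on one entry rather than removing an alias from each host branch.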