[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: schema design and schema restrictions

To: Michael Ströder <michael@stroeder.com>
Subject: Re: schema design and schema restrictions
From: Mansour Al Akeel <mansour.alakeel@gmail.com>
Date: Wed, 26 Nov 2008 11:03:55 -0400
Cc: openldap-technical@openldap.org
In-reply-to: <492D21B1.9080604@stroeder.com>
References: <492CCB80.5060709@gmail.com> <492D21B1.9080604@stroeder.com>
User-agent: Thunderbird 2.0.0.17 (X11/20081122)

Michael Ströder wrote:

Mansour Al Akeel wrote:
Hello all, I an new to LDAP, and I have a need to migrate the existing system to ldap as this will ease a bit the management for the new system implementation. I need to authenticate users for a web site, and for the internal system ( linux, windows stations .... etc). Now the available account objectclass is structural so I can not user inetorgperson with account as both are structural. In this case I decided to extend inetOrgPerson, and add username and password as a MUST attributes. This is because all the users have access to the web site and they need authentication, but some users will need to have access to the machines. In this case I will create a new objectClass (ie. accountInfo) which containts the info I need (home directory, shell, loginScript, .... etc).
I'd recommend to use inetOrgPerson together with posixAccount for the users which need shell access.

Ciao, Michael.

Thank you Michael, but posixAccount doesn't require the password, which makes it not suitable for authentication.

Follow-Ups:
- Re: schema design and schema restrictions
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

References:
- schema design and schema restrictions
  - From: Mansour Al Akeel <mansour.alakeel@gmail.com>
- Re: schema design and schema restrictions
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Disabling User Account
Next by Date: Re: Samba failed to bind Ldap
Index(es):
- Chronological
- Thread