Re: schema design and schema restrictions

[Michael Ströder <michael@stroeder.com>]

Mansour Al Akeel wrote:
> Buchan Milne wrote:
> > On Wednesday 26 November 2008 17:03:55 Mansour Al Akeel wrote:
> >  
> > > Michael Ströder wrote:
> > > > I'd recommend to use inetOrgPerson together with posixAccount for the
> > > > users which need shell access.
> > > >       
> > > Thank you Michael, but posixAccount doesn't require the password, which
> > > makes it not suitable for authentication.
> >
> > But, inetOrgPerson (as it inherits from person) allows userPassword, 
> > so this is irrelevant.
>
> True, but it's not required (MUST). the password is optional (MAY). I 
> will consider extending inetOrgPerson and make the password MUST.

You can do so but the question is whether this makes sense. During user 
registration process you might create the user's entry but the user 
account is still not activated with a password yet. Depending on your 
processes setting userPassword to MUST can be an obstacle you have to 
work around.

Your mileage may vary.

Ciao, Michael.