Re: separate login/password for several services?
Andrew Findlay <andrew.findlay@skills-1st.co.uk> wrote:
> > mmm ... will not it prevent non-uniqueness only for parent DN-s? while
> > what I'm trying to ask (I'm sorry for muddled up explanation what I mean)
> > about is - uniqueness for the uid *in* the entry ... so, the uniqueness
> > of the attribute `uid' among all DN-s containing authorizedService=target-service
>
> You could do that if you are prepared to have one config line for each
> service. Something like:
>
> overlay unique
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=SMTP)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=IMAP)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=POP3)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=XMPP)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=SSH)
>

this prevents each uid=X,ou=People,dc=org from having more than one
authorizedService=Y offspring ... while the original idea is to let user
A have several uid-s for the service B, but to prevent other users from
having the same uids for the corresponding service ...

what I mean are multiple attributes uid/userPassword "inside" the
offspring, not in the `dn' of the offspring:

dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
authorizedService: xmpp.org
uid: john
uid: john1
uid: johnN
userPassword: qwerty
userPassword: qwerty1
userPassword: qwertyN
cn: john.doe@xmpp.org
sn: xmpp.org
description: John Doe XMPP account at xmpp.org
uidNumber: 12345
gidNumber: 23456
homeDirectory: /nonexistent
loginShell: /sbin/nologin
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: authorizedServiceObject

and in this case we need to prevent some other user from having
offspring with the same uid ... to prevent for user
uid=johandoe,ou=People,dc=org offspring:

dn: authorizedService=xmpp.org,uid=johandoe,ou=People,dc=org
authorizedService: xmpp.org
uid: johan
uid: johan1
userPassword: qwerty
userPassword: qwerty1
cn: johan.doe@xmpp.org
sn: xmpp.org
description: Johan Doe XMPP account at xmpp.org
uidNumber: 12345
gidNumber: 23456
homeDirectory: /nonexistent
loginShell: /sbin/nologin
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: authorizedServiceObject

possibility to add another `uid: johnN' which is already used by
dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org

so, what could be the solution, please?

--
Zeus V. Panchenko jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)
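
An offline audit for the constraint asked about in this message, as an added example that is not part of the original post and does not configure slapd: it reads an LDIF export and reports any uid claimed, for the same authorizedService, by entries with different DNs, while allowing several uid values inside one entry. The names `parse_ldif` and `uid_collisions` are hypothetical, the sample is constructed from the two entries above, and comparing both attributes case-insensitively is an assumption.

```python
from collections import defaultdict

# Constructed sample: the two entries from the message, trimmed, with a clash.
SAMPLE_LDIF = """\
dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
authorizedService: xmpp.org
uid: john
uid: johnN

dn: authorizedService=xmpp.org,uid=johandoe,ou=People,dc=org
authorizedService: xmpp.org
uid: johan
uid: JohnN
"""


def parse_ldif(text):
    """Minimal LDIF reader: unfolds lines, skips comments, no base64 decoding."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]          # RFC 2849 continuation line
        else:
            unfolded.append(raw)
    entries, current = [], defaultdict(list)
    for line in unfolded + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(dict(current))
            current = defaultdict(list)
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current[attr.strip().lower()].append(value.strip())
    return entries


def uid_collisions(entries):
    """Return {(service, uid): [dn, ...]} for uids shared by different entries."""
    claims = defaultdict(set)
    for e in entries:
        for svc in e.get("authorizedservice", []):
            for uid in e.get("uid", []):
                claims[(svc.lower(), uid.lower())].add(e.get("dn", ["?"])[0])
    return {k: sorted(v) for k, v in claims.items() if len(v) > 1}


if __name__ == "__main__":
    for (svc, uid), dns in uid_collisions(parse_ldif(SAMPLE_LDIF)).items():
        print(f"uid '{uid}' for service '{svc}' is claimed by: {dns}")
```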