Re: separate login/password for several services?
On Fri, Sep 27, 2013 at 02:25:24PM +0300, Zeus Panchenko wrote:
> do I have to create a dedicated object like:
> dn: authorizedService=YYY,uid=AAA,dc=ZZZ
>
> before configuring the service for the user like:
> dn: uid=XXX,authorizedService=YYY,uid=AAA,dc=ZZZ
>
> or the second one will be enough?

You have to create the branch points before you can add entries under
them. That is why I suggested the alternative where both the service
name and the uid are part of the RDN: such multi-valued RDNs are
unusual, but it might be a convenient structure in this case.

> as for the different classes ... I was trying to find it but faced the
> problem when the parent record, which contains
> objectclass: posixAccount
> objectclass: inetOrgPerson
> objectclass: organizationalPerson
> objectclass: person
> objectclass: inetLocalMailRecipient
>
> was refusing the child creation until the child belongs to that set of
> classes :(

There must have been some other reason for the error. LDAP servers do
not normally restrict what type of entry you can create at a given
point in the DIT. The ACLs in force might restrict what you can do,
but you have control over those.

Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------
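
Added example, not part of the original message: a Python check that a batch of entries can be added parent-first, and that a multi-valued RDN needs no intermediate branch point. The helper names (`split_unescaped`, `parse_dn`, `plan_adds`) are hypothetical, and the DNs are the placeholders used in the thread.

```python
def split_unescaped(s, sep):
    """Split s on sep, skipping separators escaped with a backslash (RFC 4514)."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]          # keep the escape pair together
            i += 2
            continue
        if s[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += s[i]
        i += 1
    parts.append(cur)
    return parts

def parse_dn(dn):
    """DN -> tuple of RDNs, each a frozenset of (attr, value) pairs."""
    # A frozenset makes 'a=1+b=2' equal to 'b=2+a=1': the parts of a
    # multi-valued RDN are unordered. Lower-casing values is a simplification
    # (assumes case-insensitive matching); quoted-string DNs are not handled.
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = (ava.partition("=") for ava in split_unescaped(rdn, "+"))
        rdns.append(frozenset((a.strip().lower(), v.strip().lower())
                              for a, _, v in avas))
    return tuple(rdns)

def plan_adds(existing, to_add):
    """Return (to_add ordered parent-first, parent DNs missing everywhere)."""
    # `existing` lists DNs already in the directory, including the suffix entry.
    have = {parse_dn(d) for d in existing}
    batch = {parse_dn(d): d for d in to_add}
    missing = []
    for key, dn in batch.items():
        parent = key[1:]
        if parent and parent not in have and parent not in batch:
            missing.append(",".join(split_unescaped(dn, ",")[1:]))
    return [batch[k] for k in sorted(batch, key=len)], missing

# Constructed sample input, built from the thread's placeholder DNs.
EXISTING = ["dc=ZZZ", "uid=AAA,dc=ZZZ"]
NESTED = ["uid=XXX,authorizedService=YYY,uid=AAA,dc=ZZZ"]
BRANCH = "authorizedService=YYY,uid=AAA,dc=ZZZ"
MULTI = ["uid=XXX+authorizedService=YYY,uid=AAA,dc=ZZZ"]
```

`plan_adds(EXISTING, NESTED)` reports the `authorizedService=YYY` branch point as missing, while `plan_adds(EXISTING, MULTI)` reports nothing because the entry sits directly under the existing `uid=AAA` entry.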