Poul Etto wrote:
Thank you for all the information, even if it is going a bit far from the initial question... To clarify the problem, I will try to show what we are doing, you will find here attached an image file that goes with following explanation: There are "u" user accounts on the ldap server We have a number of "s" services that use LDAP to manage user account. Each service has particular attributes Each service must be able to access only it's information Basic services use only the information contained in the standard LDAP useraccount Advanced services have dedicated OUs with special attributes It is important that each service can accees in RO (no modification) to only it's information. That's why we made our LDAP as it is in the attached picture. To simplify usage of services for each user, we decided to duplicate the "password" field between the different OUs, that's why I came here to ask about aliases. If ever you are sure that there is a cleaner way to do the things (that isn't too heavy to setup), we will be glad to have more technical and logical explanations.
Can all be done with appropriate ACLs without aliases. Make sure your services authenticate when binding to slapd.
But I can't tell whether it "isn't too heavy" for you. Of course you would have to dive into the ACLs docs.
Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature