Buchan Milne wrote:
On Wednesday 26 November 2008 17:03:55 Mansour Al Akeel wrote:
> Michael Ströder wrote:
>
>> Mansour Al Akeel wrote:
>>
>>> Hello all,
>>> I am new to LDAP, and I have a need to migrate the existing system to
>>> ldap as this will ease a bit the management for the new system
>>> implementation. I need to authenticate users for a web site, and for
>>> the internal system ( linux, windows stations .... etc). Now the
>>> available account objectclass is structural so I cannot use
>>> inetorgperson with account as both are structural. In this case I
>>> decided to extend inetOrgPerson, and add username and password as
>>> MUST attributes. This is because all the users have access to the web
>>> site and they need authentication, but some users will need to have
>>> access to the machines. In this case I will create a new objectClass
>>> (ie. accountInfo) which contains the info I need (home directory,
>>> shell, loginScript, .... etc).
>>>
>> I'd recommend to use inetOrgPerson together with posixAccount for the
>> users which need shell access.
>>
>> Ciao, Michael.
>>
> Thank you Michael, but posixAccount doesn't require the password, which
> makes it not suitable for authentication.
>
But, inetOrgPerson (as it inherits from person) allows userPassword, so this
is irrelevant.

True, but it's not required (MUST). The password is optional (MAY). I
will consider extending inetOrgPerson and make the password MUST.

You only need account (or hostObject) if you want the host
attribute.

I couldn't find objectClass: hostObject anywhere. What do you mean by
host attribute? I am going to need additional AUX objectClass for the
home directory, login scripts, .... etc. AFAIK account is structural and
not to be combined with inetOrgPerson.

Regards,
Buchan
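
The object class rules debated in this thread, as an added example that is not part of the original messages: a small checker that enforces the single structural chain and the MUST attributes for the classes named above. The class `examplePasswordRequired`, the `check_entry`/`chain` helpers and the sample entry are assumptions made for illustration; the MUST lists are abbreviated from the standard schema definitions.

```python
# Simplified model of the object classes named in the thread (MUST lists only;
# subset of RFC 4519, RFC 2798, RFC 4524 and RFC 2307).
SCHEMA = {
    "top": ("abstract", None, set()),
    "person": ("structural", "top", {"sn", "cn"}),
    "organizationalPerson": ("structural", "person", set()),
    "inetOrgPerson": ("structural", "organizationalPerson", set()),
    "account": ("structural", "top", {"uid"}),
    "posixAccount": ("auxiliary", "top",
                     {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"}),
    # Hypothetical site-local auxiliary class, not a standard one.
    "examplePasswordRequired": ("auxiliary", "top", {"userPassword"}),
}

def chain(name):
    """Return the class followed by its superiors, most specific first."""
    out = []
    while name:
        out.append(name)
        name = SCHEMA[name][1]
    return out

def check_entry(entry):
    """Return a sorted list of schema violations for an attribute dict."""
    classes = entry.get("objectClass", [])
    errors = {f"unknown object class {c}" for c in classes if c not in SCHEMA}
    if errors:
        return sorted(errors)
    structural = [c for c in classes if SCHEMA[c][0] == "structural"]
    if not structural:
        errors.add("no structural object class")
    else:
        leaf = max(structural, key=lambda c: len(chain(c)))
        errors |= {f"structural conflict: {leaf} and {c}"
                   for c in structural if c not in chain(leaf)}
    present = {a.lower() for a in entry}  # attribute names are case-insensitive
    for c in classes:
        for sup in chain(c):
            errors |= {f"missing MUST attribute {a} ({sup})"
                       for a in SCHEMA[sup][2] if a.lower() not in present}
    return sorted(errors)

# Constructed sample entry: a web user who also has shell access, no password.
USER = {
    "objectClass": ["inetOrgPerson", "posixAccount"],
    "cn": ["Test User"], "sn": ["User"], "uid": ["tuser"],
    "uidNumber": ["10001"], "gidNumber": ["10001"], "homeDirectory": ["/home/tuser"],
}

print(check_entry(USER))  # → []
```

The sample entry passes without `userPassword`, which is the gap raised in the thread; adding `account` to it reports a structural conflict, and adding the hypothetical auxiliary class reports the missing password.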