Hello,

I’m new on this list. I am actually trying to configure an LDAP server to manage my identities (and use Kerberos as the authentication backend). My goal is to minimize the information that needs to be set by the administrator to create an entry.

Here is a basic example:

dn: uid=yoann,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: posixAccount
cn: Yoann Gini
gidNumber: 20
homeDirectory: /home/users/yoann
sn: Gini
uid: yoann
uidNumber: 2000
givenName: Yoann
loginShell: /usr/local/bin/zsh
mail: yoann@example.com
userPassword: {SASL}yoann@EXAMPLE.COM

As you can see, there is a lot of redundant information…

What I am looking for is a way to fix some fields for posixAccount or *,ou=people,dc=example,dc=com.

For example, userPassword should be constructed from static text, an LDAP entry and a global variable… {SASL}$uid$#KRB_REALM#.
Likewise for the mail: $uid$#domain#

If you have any suggestions :-)

Yoann
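
One client-side way to get this effect, as an added example that is not part of the original post: a small generator that expands the $attr$ / #GLOBAL# notation from the message into the full LDIF entry from four administrator inputs. The function names, the template table, the validation patterns and the global values (which keep the "@" inside them so the post's templates reproduce its sample entry) are assumptions.

```python
import re

# Assumed global variables (not from the post). The "@" lives inside the
# values so "{SASL}$uid$#KRB_REALM#" yields the post's sample userPassword.
GLOBALS = {"KRB_REALM": "@EXAMPLE.COM", "domain": "@example.com"}
BASE_DN = "ou=people,dc=example,dc=com"

# Derived attributes in the post's notation: $attr$ = entry attribute, #NAME# = global.
TEMPLATES = [
    ("cn", "$givenName$ $sn$"),
    ("homeDirectory", "/home/users/$uid$"),
    ("mail", "$uid$#domain#"),
    ("userPassword", "{SASL}$uid$#KRB_REALM#"),
]
DEFAULTS = [("gidNumber", "20"), ("loginShell", "/usr/local/bin/zsh")]
OBJECT_CLASSES = ["inetOrgPerson", "organizationalPerson", "person", "top", "posixAccount"]

# Strict input patterns: the values end up in a DN, a path and a Kerberos
# principal, so newlines, "," "=" "/" "@" and similar must never get through.
SAFE_UID = re.compile(r"[a-z][a-z0-9._-]{0,31}")
SAFE_NAME = re.compile(r"[A-Za-z](?:[A-Za-z' -]{0,62}[A-Za-z])?")
TOKEN = re.compile(r"\$(\w+)\$|#(\w+)#")

def expand(template, attrs):
    """Replace $attr$ with an entry attribute and #NAME# with a global."""
    return TOKEN.sub(lambda m: attrs[m.group(1)] if m.group(1) else GLOBALS[m.group(2)], template)

def build_entry(uid, given_name, sn, uid_number):
    """Return the LDIF text for one posixAccount entry."""
    if not SAFE_UID.fullmatch(uid):
        raise ValueError(f"unsafe uid: {uid!r}")
    if not all(SAFE_NAME.fullmatch(v) for v in (given_name, sn)):
        raise ValueError("unsafe givenName or sn")
    attrs = {"uid": uid, "givenName": given_name, "sn": sn, "uidNumber": str(int(uid_number))}
    lines = [f"dn: uid={uid},{BASE_DN}"]
    lines += [f"objectClass: {oc}" for oc in OBJECT_CLASSES]
    lines += [f"{k}: {v}" for k, v in attrs.items()]
    lines += [f"{k}: {v}" for k, v in DEFAULTS]
    lines += [f"{k}: {expand(t, attrs)}" for k, t in TEMPLATES]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(build_entry("yoann", "Yoann", "Gini", 2000), end="")
```

The output can be fed to an LDIF import tool; the derived values are computed once at creation time, so a later change to uid does not update them.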