Rakesh Rajasekharan wrote:
What exactly does that mean in your context?
In my setup, when I provide access to a user, he gets access to all the servers managed by our LDAP, which is not at all what we would like to give.
So, this way I am trying to further enforce which user would have access to what. I will write a few scripts to automate the process.
Is there a better approach to this?
There are better approaches. But of course your mileage may vary. But you should use object class 'account' as a base for your user account entries, not 'hostObject'.
You can do that but why? Which LDAP client does expect the hosts to be in e.g. a space-separated list?
The only issue I see here is when I do a "ldapsearch -x" it would run into many lines. Was trying to just limit that.
You should not care about whether the LDIF output gets lengthy. You have to take care that you have a clean data model. Space/comma/whatever-separated values suck.
Ciao, Michael.
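
An added illustration, not part of the original message or of any LDAP client's code: a small Python model of filter matching that shows what the data-model point means for host-based access checks. It assumes the allowed hosts are stored in the `host` attribute; the entries and the host names `web10`, `db2` and `web1` are constructed for the example.

```python
import fnmatch

# Constructed sample entries: the same grant (web10 and db2) stored two ways.
MULTI_VALUED = {"uid": ["alice"], "host": ["web10", "db2"]}   # one value per host
DELIMITED = {"uid": ["alice"], "host": ["web10 db2"]}         # one space-separated value


def equality_match(entry, attr, asserted):
    """Model of an equality filter (attr=asserted) with case-insensitive
    matching: true if any single attribute value equals the asserted value."""
    return any(v.lower() == asserted.lower() for v in entry.get(attr, []))


def substring_match(entry, attr, pattern):
    """Model of a substring filter such as (attr=*web1*), applied to each value."""
    return any(fnmatch.fnmatchcase(v.lower(), pattern.lower())
               for v in entry.get(attr, []))


def may_login_multi(entry, hostname):
    # Clean model: the directory answers with an exact match, (host=<hostname>).
    return equality_match(entry, "host", hostname)


def may_login_delimited(entry, hostname):
    # Delimited model: equality can never match the packed string, so the
    # check falls back to a substring filter, (host=*<hostname>*).
    return substring_match(entry, "host", "*" + hostname + "*")


if __name__ == "__main__":
    for host in ("web10", "db2", "web1"):
        print(host,
              "multi-valued:", may_login_multi(MULTI_VALUED, host),
              "delimited:", may_login_delimited(DELIMITED, host))
```

With the packed value, the check for `web1` succeeds because `web1` is a substring of `web10`, so the user is granted a host that was never listed; the multi-valued entry denies it.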