Andrew Findlay andrew.findlay@skills-1st.co.uk wrote:
That can be done - it is just a matter of choosing a naming structure that allows it.
that's simple but was not obvious to me :(
That one won't work, as there is no way to link the individual uid and userPassword values. You need one LDAP entry per uid so either add another layer to the tree
dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
authorizedService: xmpp.org
....

dn: uid=john,authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
authorizedService: xmpp.org
uid: john
userPassword: qwerty
....
I like it, thanks much
Do I have to create a dedicated object like:
dn: authorizedService=YYY,uid=AAA,dc=ZZZ
before configuring the service for the user like:
dn: uid=XXX,authorizedService=YYY,uid=AAA,dc=ZZZ
or will the second one be enough?
Incidentally, you seem to be misusing some fields in the person object:
cn: john.doe@xmpp.org
sn: xmpp.org
If you really don't want to put the real name there you should choose a different objectclass that does not force you to fill in those attributes.
it is not to say I do not want to put it, but rather I want to have such a possibility in case it could be demanded in the future
as for the different classes ... I was trying to find it but faced the problem when the parent record, which contains
objectclass: posixAccount
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: inetLocalMailRecipient
was refusing the child creation until the child belongs to that set of classes :(
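
The following is an added example, not part of the original messages: a small checker for the layered naming structure discussed above. It flags entries that hold several uid and userPassword values in one entry (which cannot be paired), and entries whose parent DN is absent, since an LDAP server only adds an entry beneath a parent that already exists. The sample entries, the `ou=People,dc=org` suffix and the password placeholders are constructed, and the parser assumes simple DNs without escaped commas.

```python
# Added example: checks LDIF-style text for the two problems discussed in the thread.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=org
uid: jdoe

dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
authorizedService: xmpp.org

dn: uid=john,authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
uid: john
userPassword: {SSHA}constructed-1

dn: uid=flat,ou=People,dc=org
uid: flat
uid: flat-xmpp
userPassword: {SSHA}constructed-2
userPassword: {SSHA}constructed-3

dn: uid=jane,authorizedService=mail.org,uid=flat,ou=People,dc=org
uid: jane
userPassword: {SSHA}constructed-4
"""

def parse_ldif(text):
    # Assumption: blank-line separated entries, one "attr: value" per line.
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def check_tree(entries, suffix="ou=people,dc=org"):
    # Returns (dn, problem) pairs; the suffix entry itself is assumed to exist.
    problems = []
    for dn, attrs in entries.items():
        # Several uids and several passwords in one entry cannot be linked.
        if len(attrs.get("uid", [])) > 1 and len(attrs.get("userpassword", [])) > 1:
            problems.append((dn, "ambiguous uid/userPassword pairing"))
        # The parent DN is everything after the first RDN.
        parent = dn.partition(",")[2]
        if parent != suffix and parent not in entries:
            problems.append((dn, "missing parent entry " + parent))
    return problems

if __name__ == "__main__":
    print(*check_tree(parse_ldif(SAMPLE_LDIF)), sep="\n")
```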