Andrew Findlay <andrew.findlay(a)skills-1st.co.uk> wrote:
> That can be done - it is just a matter of choosing a naming structure
> that allows it.

that's simple but was not obvious to me :(

> That one won't work, as there is no way to link the individual uid and
> userPassword values. You need one LDAP entry per uid so either add
> another layer to the tree
>
> dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
> authorizedService: xmpp.org
> ....
>
> dn: uid=john,authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
> authorizedService: xmpp.org
> uid: john
> userPassword: qwerty
> ....

I like it, thanks much

do I have to create a dedicated object like:
dn: authorizedService=YYY,uid=AAA,dc=ZZZ
before configuring the service for the user like:
dn: uid=XXX,authorizedService=YYY,uid=AAA,dc=ZZZ
or will the second one be enough?

> Incidentally, you seem to be misusing some fields in the person
> object:
>
> > cn: john.doe(a)xmpp.org
> > sn: xmpp.org
>
> If you really don't want to put the real name there you should choose
> a different objectclass that does not force you to fill in those
> attributes.

it is not to say I do not want to put it, but rather I want to have such
possibility in case it could be demanded in the future
as for the different classes ... I was trying to find it but faced the
problem when the parent record, which contains
objectclass: posixAccount
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: inetLocalMailRecipient
was refusing the child creation until the child belongs to that set of
classes :(
--
Zeus V. Panchenko jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)
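
The two-layer layout quoted above only loads if entries are added top-down, because an LDAP add is rejected when the entry's immediate superior does not exist. The following added example (not part of the original message) orders a batch of new DNs accordingly and flags any whose superior is missing; the function names and the sample batch are assumptions made for illustration.

```python
"""Order a batch of new LDAP entries so every superior is added first.

Added example. Assumes DNs in RFC 4514 string form with backslash escapes
(no legacy quoted values) and no whitespace around the RDN separators.
"""

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep an escaped pair intact
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts

def parent_dn(dn):
    """DN of the immediate superior (empty string for a one-RDN DN)."""
    return ",".join(split_dn(dn)[1:])

def norm(dn):
    # Simplification: compare case-insensitively; real matching is per attribute.
    return dn.lower()

def add_order(existing, new_dns):
    """Return (ordered, orphans). 'ordered' is safe to add in sequence;
    'orphans' have a superior that is neither in the directory nor the batch."""
    have = {norm(d) for d in existing}
    ordered, orphans = [], []
    for dn in sorted(new_dns, key=lambda d: len(split_dn(d))):  # shallow first
        if norm(parent_dn(dn)) in have:
            ordered.append(dn)
            have.add(norm(dn))
        else:
            orphans.append(dn)
    return ordered, orphans

# Constructed sample using the DNs from the message above.
EXISTING = ["dc=org", "ou=People,dc=org", "uid=jdoe,ou=People,dc=org"]
SERVICE = "authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org"
ACCOUNT = "uid=john," + SERVICE

if __name__ == "__main__":
    print(add_order(EXISTING, [ACCOUNT, SERVICE]))  # container, then account
    print(add_order(EXISTING, [ACCOUNT]))           # account alone is an orphan
```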