Re: separate login/password for several services?
On Fri, Sep 27, 2013 at 10:16:43PM +0200, Michael Ströder wrote:
Did not follow this thread closely. But one should be aware of
ITS#6825 when
planning to use slapo-unique for a more complex setup.
unique_uri filter reaching beyond its intended target
http://www.openldap.org/its/index.cgi?findid=6825
Good point. We started with these ACLs:
> overlay unique
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=SMTP)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=IMAP)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=POP3)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=XMPP)
> unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=SSH)
so that bug will prevent modifications to the authority entries even though adds
will be processed OK. I cannot think of an easy workaround in this case :-(
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------