Hello,
We are storing user accounts in OpenLDAP. Main classes used are:
objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: eduPerson
User email address(es) is (are) stored in the "mail" attribute and are also used by Postfix (which uses virtual accounts based on LDAP).
I would like to define some email accounts (with associated email addresses) which do NOT belong to a particular user; so, in these accounts a mail attribute would not be associated (both conceptually and practically) with a person objectClass.
Is there a suggestion on which existing objectClass(es) (and associated schemas, if applicable) should we use for such use? I thought of "account" (defined in cosine.schema), but it does not accept a mail attribute. The idea would be to use something like an extended "account" objectClass, (or "account" itself, with some additional auxiliary class to define an email address) together with simpleSecurityObject to allow definition of a password.
Any experiences, suggestions will be appreciated.
Thanks, Nick
You may add the objectClass mailrecipient to accounts or posixaccounts.
otherwise, we use objectclass qmail (to define mailboxes) qmailControl (to define acceptable domains) to define our mail environment.
you may find the corresponding schemas in the Internet.
suomi
On 02/07/2012 09:39 AM, Nick Milas wrote:
Hello,
We are storing user accounts in OpenLDAP. Main classes used are:
objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: eduPerson
User email address(es) is (are) stored in the "mail" attribute and are also used by Postfix (which uses virtual accounts based on LDAP).
I would like to define some email accounts (with associated email addresses) which do NOT belong to a particular user; so, in these accounts a mail attribute would not be associated (both conceptually and practically) with a person objectClass.
Is there a suggestion on which existing objectClass(es) (and associated schemas, if applicable) should we use for such use? I thought of "account" (defined in cosine.schema), but it does not accept a mail attribute. The idea would be to use something like an extended "account" objectClass, (or "account" itself, with some additional auxiliary class to define an email address) together with simpleSecurityObject to allow definition of a password.
Any experiences, suggestions will be appreciated.
Thanks, Nick
openldap-technical@openldap.org