Date: Tue, 29 Apr 2008 11:00:58 +0000 From: "O. Hartmann" <ohartman@zedat.fu-berlin.de> To: Jonathan Chen <jonc@chen.org.nz> Cc: freebsd-questions@freebsd.org Subject: Re: OpenLDAP/FreeBSD: How to implement attribute HOST without STRUCTURAL account? Message-ID: <4816FFEA.9030009@zedat.fu-berlin.de> In-Reply-To: <20080429105142.GA69915@osiris.chen.org.nz> References: <4816F370.6070706@zedat.fu-berlin.de> <20080429105142.GA69915@osiris.chen.org.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
Jonathan Chen wrote: > On Tue, Apr 29, 2008 at 10:07:44AM +0000, O. Hartmann wrote: >> Hello out there, >> my question may sound a bit weird, but the situation is as follows: >> >> I use OpenLDAP 2.4 for authetication purposes within our lab's net and >> every user's account is of the objectclass 'posixAccount'. As we know, >> this class does not contain the attribute 'host', which belongs to >> structural class 'account' and both posixAccount and account are of >> type structural and therefore can not be mixed. > > Is there really such a rule? There's an of examples in > O'Reilly's "LDAP System Administration" that has a mixed > "account" + "posixAccount" objectClasses for a node to implement > the situation of: One User and a Group of Hosts. Well, simply try to include both structural object classes 'account' and posixAccount and you'll get a class violation - so it is here ... Oliver P.S. O'Reilly's book seems to be a little bit outdated, it reflects schemata prior to OpenLDAP 2.3 I guess and I use 2.4 by the way. I read many turoials mixin up both account and posixAccount but this isn't allowed any more with newer versions - as I understand.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4816FFEA.9030009>