From: "O. Hartmann"
Organization: Freie Universität Berlin
Date: Wed, 30 Apr 2008 09:00:25 +0000
To: Jonathan Chen
Cc: freebsd-questions@freebsd.org
Subject: Re: OpenLDAP/FreeBSD: How to implement attribute HOST without STRUCTURAL account?
Message-ID: <48183529.2040309@zedat.fu-berlin.de>
In-Reply-To: <4816FFEA.9030009@zedat.fu-berlin.de>

O. Hartmann wrote:
> Jonathan Chen wrote:
>> On Tue, Apr 29, 2008 at 10:07:44AM +0000, O. Hartmann wrote:
>>> Hello out there,
>>> my question may sound a bit weird, but the situation is as follows:
>>>
>>> I use OpenLDAP 2.4 for authentication purposes within our lab's net
>>> and every user's account is of the objectclass 'posixAccount'. As we
>>> know, this class does not contain the attribute 'host', which belongs
>>> to structural class 'account' and both posixAccount and account are
>>> of type structural and therefore can not be mixed.
>>
>> Is there really such a rule? There's an of examples in
>> O'Reilly's "LDAP System Administration" that has a mixed
>> "account" + "posixAccount" objectClasses for a node to implement
>> the situation of: One User and a Group of Hosts.
>
> Well, simply try to include both structural object classes 'account' and
> posixAccount and you'll get a class violation - so it is here ...
>
> Oliver
>
> P.S. O'Reilly's book seems to be a little bit outdated, it reflects
> schemata prior to OpenLDAP 2.3 I guess and I use 2.4 by the way. I read
> many tutorials mixing up both account and posixAccount but this isn't
> allowed any more with newer versions - as I understand.
>

Sorry, I made a mistake, 'account' and 'inetOrgPerson' and 'person' collide, not 'posixAccount', so it's my fault.

Oliver
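
The collision described in the correction above, as an added example that is not part of the original message: a simplified Python model of the rule that all structural object classes of an entry must lie on one superior chain. The class kinds and superiors are those of the stock core, cosine, nis and inetorgperson schema definitions; the function names and the sample objectClass sets are hypothetical.

```python
# Added example: simplified model of the "single structural chain" rule.
# Class kinds and superiors follow the stock core, cosine, nis and
# inetorgperson schema definitions; function names are hypothetical.
SCHEMA = {
    # name: (kind, superior)
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalPerson": ("STRUCTURAL", "person"),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson"),
    "account": ("STRUCTURAL", "top"),       # carries the 'host' attribute
    "posixAccount": ("AUXILIARY", "top"),   # auxiliary, so it can be mixed in
}

def superiors(name):
    """Return name followed by all of its superior classes up to top."""
    chain = []
    while name is not None:
        chain.append(name)
        name = SCHEMA[name][1]
    return chain

def structural_conflicts(object_classes):
    """Return pairs of structural classes that are not on one superior chain."""
    structural = [c for c in object_classes if SCHEMA[c][0] == "STRUCTURAL"]
    conflicts = []
    for i, a in enumerate(structural):
        for b in structural[i + 1:]:
            if a not in superiors(b) and b not in superiors(a):
                conflicts.append((a, b))
    return conflicts

def check_entry(object_classes):
    """Return (ok, reason) for a proposed objectClass list."""
    if not any(SCHEMA[c][0] == "STRUCTURAL" for c in object_classes):
        return False, "no structural object class"
    conflicts = structural_conflicts(object_classes)
    if conflicts:
        pairs = ", ".join("/".join(p) for p in conflicts)
        return False, "invalid structural chain: " + pairs
    return True, "ok"

if __name__ == "__main__":
    # Constructed objectClass sets, not taken from the poster's directory.
    for classes in (["account", "posixAccount"],
                    ["inetOrgPerson", "posixAccount"],
                    ["account", "inetOrgPerson", "posixAccount"],
                    ["account", "person"],
                    ["posixAccount"]):
        print(classes, "->", check_entry(classes))
```
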