Date: Wed, 30 Apr 2008 11:24:50 +0200 From: Jonathan McKeown <jonathan@hst.org.za> To: freebsd-questions@freebsd.org Subject: Re: OpenLDAP/FreeBSD: How to implement attribute HOST without STRUCTURAL account? Message-ID: <200804301124.50382.jonathan@hst.org.za> In-Reply-To: <48183529.2040309@zedat.fu-berlin.de> References: <4816F370.6070706@zedat.fu-berlin.de> <4816FFEA.9030009@zedat.fu-berlin.de> <48183529.2040309@zedat.fu-berlin.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 30 April 2008 11:00, O. Hartmann wrote: > O. Hartmann wrote: > > Jonathan Chen wrote: > >> On Tue, Apr 29, 2008 at 10:07:44AM +0000, O. Hartmann wrote: > >>> Hello out there, > >>> my question may sound a bit weird, but the situation is as follows: > >>> > >>> I use OpenLDAP 2.4 for authetication purposes within our lab's net > >>> and every user's account is of the objectclass 'posixAccount'. As we > >>> know, this class does not contain the attribute 'host', which belongs > >>> to structural class 'account' and both posixAccount and account are > >>> of type structural and therefore can not be mixed. > >> > >> Is there really such a rule? It's true that an object can only belong to one structural class (although it can belong to many auxiliary classes). I use the auxiliary class extensibleObject, which allows you to add any attribute to an LDAP object. My user accounts have three object classes: inetOrgPerson (the structural class), posixAccount and extensibleObject. The rules for the first two are still enforced, but I am able to add the Host: attribute. Jonathan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200804301124.50382.jonathan>