From: Jonathan McKeown
Organization: Health Systems Trust
To: freebsd-questions@freebsd.org
Date: Wed, 30 Apr 2008 11:24:50 +0200
Subject: Re: OpenLDAP/FreeBSD: How to implement attribute HOST without STRUCTURAL account?

On Wednesday 30 April 2008 11:00, O. Hartmann wrote:
> O. Hartmann wrote:
> > Jonathan Chen wrote:
> >> On Tue, Apr 29, 2008 at 10:07:44AM +0000, O. Hartmann wrote:
> >>> Hello out there,
> >>> my question may sound a bit weird, but the situation is as follows:
> >>>
> >>> I use OpenLDAP 2.4 for authentication purposes within our lab's net
> >>> and every user's account is of the objectclass 'posixAccount'. As we
> >>> know, this class does not contain the attribute 'host', which belongs
> >>> to structural class 'account' and both posixAccount and account are
> >>> of type structural and therefore can not be mixed.
> >>
> >> Is there really such a rule?

It's true that an object can only belong to one structural class (although it
can belong to many auxiliary classes).

I use the auxiliary class extensibleObject, which allows you to add any
attribute to an LDAP object. My user accounts have three object classes:
inetOrgPerson (the structural class), posixAccount and extensibleObject. The
rules for the first two are still enforced, but I am able to add the Host:
attribute.

Jonathan
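
Added example, not part of the original message and not slapd's checking code: a simplified Python model of the object class rules described in the reply above (one structural class, any number of auxiliary classes, extensibleObject admitting any attribute while the other classes' required attributes stay enforced). The class kinds follow the published schemas; the user jdoe and host lab01.example.org are constructed.

```python
# Simplified model of LDAP object class checking; not slapd's implementation.
# Kinds and MUST/MAY sets follow RFC 2307, 2798, 4512 and 4524, with inherited
# attributes flattened into each class and the MAY lists abridged.
SCHEMA = {
    "inetOrgPerson": {"kind": "STRUCTURAL", "must": {"cn", "sn"},
                      "may": {"uid", "mail", "givenName", "userPassword"}},
    "account": {"kind": "STRUCTURAL", "must": {"uid"},
                "may": {"host", "description"}},
    "posixAccount": {"kind": "AUXILIARY",
                     "must": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
                     "may": {"loginShell", "gecos", "userPassword", "description"}},
    # extensibleObject permits any attribute type (may=None) and requires none.
    "extensibleObject": {"kind": "AUXILIARY", "must": set(), "may": None},
}

def check_entry(entry):
    """Return schema violations for entry, a dict of attribute -> list of values."""
    classes = entry.get("objectClass", [])
    errors = [f"unknown object class {c}" for c in classes if c not in SCHEMA]
    known = [c for c in classes if c in SCHEMA]
    structural = [c for c in known if SCHEMA[c]["kind"] == "STRUCTURAL"]
    if len(structural) != 1:
        errors.append(f"need exactly one structural class, got {structural}")
    allowed, any_attribute = {"objectClass"}, False
    for c in known:
        spec = SCHEMA[c]
        # MUST attributes of every listed class are enforced whether or not
        # extensibleObject is also present.
        for attr in sorted(spec["must"] - set(entry)):
            errors.append(f"{c} requires {attr}")
        if spec["may"] is None:
            any_attribute = True
        else:
            allowed |= spec["must"] | spec["may"]
    if not any_attribute:
        for attr in sorted(set(entry) - allowed):
            errors.append(f"{attr} not allowed by {known}")
    return errors

# Constructed sample entry (hypothetical user and host names).
USER = {
    "objectClass": ["inetOrgPerson", "posixAccount"],
    "cn": ["Jane Doe"], "sn": ["Doe"], "uid": ["jdoe"],
    "uidNumber": ["10001"], "gidNumber": ["10001"],
    "homeDirectory": ["/home/jdoe"], "host": ["lab01.example.org"],
}
WITH_EXT = {**USER, "objectClass": USER["objectClass"] + ["extensibleObject"]}

if __name__ == "__main__":
    print(check_entry(USER))      # host rejected without extensibleObject
    print(check_entry(WITH_EXT))  # accepted
```

Because extensibleObject accepts any attribute type, an entry carrying it is no longer protected against mistyped or unintended attributes, so write access to such entries is worth restricting with ACLs.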