Date: Wed, 30 Apr 2008 10:43:44 -0400
From: "David Robillard" <david.robillard@gmail.com>
To: "Jonathan McKeown" <jonathan@hst.org.za>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: OpenLDAP/FreeBSD: How to implement attribute HOST without STRUCTURAL account?
Message-ID: <226ae0c60804300743x3d92cb28lbff81cf37b49df65@mail.gmail.com>
> On Wednesday 30 April 2008 11:00, O. Hartmann wrote:

[ --- 8< --- SNIP! --- 8< --- ]

> It's true that an object can only belong to one structural class (although it
> can belong to many auxiliary classes).
>
> I use the auxiliary class extensibleObject, which allows you to add any
> attribute to an LDAP object. My user accounts have three object classes:
> inetOrgPerson (the structural class), posixAccount and extensibleObject. The
> rules for the first two are still enforced, but I am able to add the Host:
> attribute.
>
> Jonathan

That sounds very interesting Jonathan. Could you please share with us
the complete LDIF data used to create such a user?

Something like this for example:

# test.user.ldif
#
# Create a test user.

dn: cn=test.user, ou=users, dc=domain, dc=com
objectclass: top
objectclass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Test User
# The RDN value (cn=test.user) must also be present as an attribute value.
cn: test.user
sn: test.user
uid: test.user
userPassword: {SSHA}GmbwsRvJugoiT5NIIJ2bk+5YVfWMUVa1
uidNumber: 9999
gidNumber: 9999
gecos: Test User
mail: test.user@domain.com
telephonenumber: 123 456 7890 x1234
loginShell: /usr/local/bin/bash
homeDirectory: /nfs/home/test.user

# Link this user to its group.

dn: cn=test, ou=groups, dc=domain, dc=com
objectClass: top
objectClass: posixGroup
cn: test
gidNumber: 9999
memberUid: test.user

# EOF

Many thanks,

DA+

--
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?226ae0c60804300743x3d92cb28lbff81cf37b49df65>
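
The rule quoted in this message (one structural class chain, any number of auxiliary classes) and its effect on the host attribute can be modelled in a few lines. This is an added example, not part of the original e-mail and not OpenLDAP's own code; the schema table is a constructed subset, and check_entry, user_entry and the host value www.domain.com are hypothetical.

```python
# Added illustration; not OpenLDAP's own schema checker.
# Constructed subset of the core, cosine, inetorgperson and nis schemas:
# class -> (kind, superior, attributes allowed via MUST/MAY; None = any attribute)
SCHEMA = {
    "top": ("ABSTRACT", None, {"objectclass"}),
    "person": ("STRUCTURAL", "top", {"cn", "sn", "userpassword", "telephonenumber"}),
    "organizationalPerson": ("STRUCTURAL", "person", {"ou", "title"}),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson", {"uid", "mail"}),
    "account": ("STRUCTURAL", "top", {"uid", "host", "description"}),
    "posixAccount": ("AUXILIARY", "top", {"cn", "uid", "uidnumber", "gidnumber",
                                          "homedirectory", "loginshell", "gecos"}),
    "extensibleObject": ("AUXILIARY", "top", None),
}
CANON = {name.lower(): name for name in SCHEMA}  # class names are case-insensitive

def chain(cls):
    """The class followed by its superiors, most specific first."""
    return [cls] + chain(SCHEMA[cls][1]) if cls else []

def check_entry(ldif):
    """Return the schema violations for one LDIF entry; an empty list means accepted."""
    classes, attrs = [], set()
    for line in ldif.strip().splitlines():
        if line.startswith("#"):
            continue  # LDIF comment line
        key, _, value = line.partition(":")
        if key.lower() == "objectclass":
            classes.append(CANON[value.strip().lower()])
        elif key.lower() != "dn":
            attrs.add(key.strip().lower())
    structural = [c for c in classes if SCHEMA[c][0] == "STRUCTURAL"]
    errors = [] if structural else ["no structural object class"]
    leaf = max(structural, key=lambda c: len(chain(c)), default=None)
    errors += [f"structural conflict: {leaf} vs {c}" for c in structural if c not in chain(leaf)]
    allowed = [SCHEMA[a][2] for c in classes for a in chain(c)]
    if None not in allowed:  # extensibleObject lifts the attribute restriction
        permitted = set().union(*allowed)
        errors += [f"attribute not allowed: {a}" for a in sorted(attrs - permitted)]
    return errors

def user_entry(extra_class=None):
    """Constructed sample entry modelled on the thread's test user, with host added."""
    lines = ["dn: cn=test.user,ou=users,dc=domain,dc=com", "objectClass: inetOrgPerson",
             "objectClass: posixAccount", "cn: test.user", "sn: User", "uid: test.user",
             "uidNumber: 9999", "gidNumber: 9999", "homeDirectory: /nfs/home/test.user",
             "host: www.domain.com"]
    if extra_class:
        lines.insert(1, f"objectClass: {extra_class}")
    return "\n".join(lines)
```

With extensibleObject on the entry the attribute check is skipped for every attribute, not only host, so restrictions on what may be written to such entries have to come from access control rather than from the schema.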