Date: Wed, 30 Apr 2008 10:43:44 -0400
From: "David Robillard"
To: "Jonathan McKeown"
Cc: FreeBSD Questions
Subject: Re: OpenLDAP/FreeBSD: How to implement attribute HOST without STRUCTURAL account?

> On Wednesday 30 April 2008 11:00, O. Hartmann wrote:

[ --- 8< --- SNIP! --- 8< --- ]

> It's true that an object can only belong to one structural class (although it
> can belong to many auxiliary classes).
>
> I use the auxiliary class extensibleObject, which allows you to add any
> attribute to an LDAP object. My user accounts have three object classes:
> inetOrgPerson (the structural class), posixAccount and extensibleObject. The
> rules for the first two are still enforced, but I am able to add the Host:
> attribute.
>
> Jonathan

That sounds very interesting, Jonathan. Could you please share with us
the complete LDIF data used to create such a user?

Something like this for example:

# test.user.ldif
#
# Create a test user.
dn: cn=test.user, ou=users, dc=domain, dc=com
objectclass: top
objectclass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Test User
sn: test.user
uid: test.user
userPassword: {SSHA}GmbwsRvJugoiT5NIIJ2bk+5YVfWMUVa1
uidNumber: 9999
gidNumber: 9999
gecos: Test User
mail: test.user@domain.com
telephonenumber: 123 456 7890 x1234
loginShell: /usr/local/bin/bash
homeDirectory: /nfs/home/test.user

# Link this user to its group.
dn: cn=test, ou=groups, dc=domain, dc=com
objectClass: top
objectClass: posixGroup
cn: test
gidNumber: 9999
memberUid: test.user

# EOF

Many thanks,

DA+

--
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
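
Added example (not part of the original message, and not Jonathan's LDIF): a small Python model of the object-class rules described in the quoted reply. It shows that host is rejected on inetOrgPerson + posixAccount, that adding the structural class account creates a second structural chain, and that extensibleObject admits host while MUST attributes stay enforced. The schema table is a trimmed, hand-written subset; the entry and the host value server1.domain.com are constructed.

```python
# Simplified model of LDAP object-class checks (added example, not OpenLDAP code).
# class: (kind, superior, MUST, MAY). Attribute sets are trimmed; MAY=None is "any".
SCHEMA = {
    "top": ("abstract", None, {"objectclass"}, set()),
    "person": ("structural", "top", {"cn", "sn"}, {"userpassword", "telephonenumber"}),
    "organizationalperson": ("structural", "person", set(), set()),
    "inetorgperson": ("structural", "organizationalperson", set(), {"uid", "mail"}),
    "account": ("structural", "top", {"uid"}, {"host"}),
    "posixaccount": ("auxiliary", "top", {"cn", "uid", "uidnumber", "gidnumber",
                     "homedirectory"}, {"userpassword", "loginshell", "gecos"}),
    "extensibleobject": ("auxiliary", "top", set(), None),
}

def parse_entry(ldif):  # one entry -> {attr: [values]}; no folding/base64 support
    entry = {}
    for line in ldif.strip().splitlines():
        if line.strip() and not line.startswith("#"):
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def chain(cls):  # the class followed by all of its superiors
    out = []
    while cls:
        out.append(cls)
        cls = SCHEMA[cls][1]
    return out

def check(ldif):  # list of schema violations; an empty list means accepted
    entry, errors = parse_entry(ldif), []
    classes = {c for oc in entry["objectclass"] for c in chain(oc.lower())}
    structural = {c for c in classes if SCHEMA[c][0] == "structural"}
    leaves = {c for c in structural if not any(c in chain(o)[1:] for o in structural)}
    if len(leaves) != 1:  # e.g. account and inetOrgPerson on the same entry
        errors.append("structural chains: " + ", ".join(sorted(leaves)))
    must = set().union(*(SCHEMA[c][2] for c in classes))
    may = set().union(*(SCHEMA[c][3] or set() for c in classes))
    present = set(entry) - {"dn"}
    errors += ["missing MUST: " + a for a in sorted(must - present)]
    if not any(SCHEMA[c][3] is None for c in classes):  # extensibleObject lifts MAY only
        errors += ["not allowed: " + a for a in sorted(present - must - may)]
    return errors

# Constructed entry modelled on the thread's test user, plus a host value.
USER = "\n".join([
    "dn: cn=test.user,ou=users,dc=domain,dc=com", "objectClass: inetOrgPerson",
    "objectClass: posixAccount", "cn: test.user", "sn: User", "uid: test.user",
    "uidNumber: 9999", "gidNumber: 9999", "homeDirectory: /nfs/home/test.user",
    "host: server1.domain.com", ""])
```

extensibleObject lifts the allowed-attribute check for the whole entry, so any attribute type defined in the server's schema is then accepted on it, not only host.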