OpenLDAP/FreeBSD: How to implement attribute HOST without
STRUCTURAL account?
Jonathan McKeown
jonathan at hst.org.za
Wed Apr 30 09:22:51 UTC 2008
On Wednesday 30 April 2008 11:00, O. Hartmann wrote:
> O. Hartmann wrote:
> > Jonathan Chen wrote:
> >> On Tue, Apr 29, 2008 at 10:07:44AM +0000, O. Hartmann wrote:
> >>> Hello out there,
> >>> my question may sound a bit weird, but the situation is as follows:
> >>>
> >>> I use OpenLDAP 2.4 for authetication purposes within our lab's net
> >>> and every user's account is of the objectclass 'posixAccount'. As we
> >>> know, this class does not contain the attribute 'host', which belongs
> >>> to structural class 'account' and both posixAccount and account are
> >>> of type structural and therefore can not be mixed.
> >>
> >> Is there really such a rule?
It's true that an object can only belong to one structural class (although it
can belong to many auxiliary classes).
I use the auxiliary class extensibleObject, which allows you to add any
attribute to an LDAP object. My user accounts have three object classes:
inetOrgPerson (the structural class), posixAccount and extensibleObject. The
rules for the first two are still enforced, but I am able to add the Host:
attribute.
Jonathan
More information about the freebsd-questions
mailing list