OpenLDAP/FreeBSD: How to implement attribute HOST without STRUCTURAL account?

David Robillard david.robillard at gmail.com
Wed Apr 30 14:43:46 UTC 2008


> On Wednesday 30 April 2008 11:00, O. Hartmann wrote:

[ --- 8< --- SNIP! --- 8< --- ]

> It's true that an object can only belong to one structural class (although it
> can belong to many auxiliary classes).
>
> I use the auxiliary class extensibleObject, which allows you to add any
> attribute to an LDAP object. My user accounts have three object classes:
> inetOrgPerson (the structural class), posixAccount and extensibleObject. The
> rules for the first two are still enforced, but I am able to add the Host:
> attribute.
>
> Jonathan

That sounds very interesting Jonathan. Could you please share with us
the complete LDIF data used to create such a user?
Something like this for example:

# test.user.ldif
#
# Create a test user.

dn: cn=test.user, ou=users, dc=domain, dc=com
objectclass: top
objectclass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Test User
sn: test.user
uid: test.user
userPassword: {SSHA}GmbwsRvJugoiT5NIIJ2bk+5YVfWMUVa1
uidNumber: 9999
gidNumber: 9999
gecos: Test User
mail: test.user at domain.com
telephonenumber: 123 456 7890 x1234
loginShell: /usr/local/bin/bash
homeDirectory: /nfs/home/test.user

# Link this user to it's group.
dn: cn=test, ou=groups, dc=domain, dc=com
objectClass: top
objectClass: posixGroup
cn: test
gidNumber: 9999
memberUid: test.user

# EOF

Many thanks,

DA+
-- 
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122


More information about the freebsd-questions mailing list