Date: Wed, 30 Apr 2008 09:00:25 +0000 From: "O. Hartmann" <ohartman@zedat.fu-berlin.de> To: Jonathan Chen <jonc@chen.org.nz> Cc: freebsd-questions@freebsd.org Subject: Re: OpenLDAP/FreeBSD: How to implement attribute HOST without STRUCTURAL account? Message-ID: <48183529.2040309@zedat.fu-berlin.de> In-Reply-To: <4816FFEA.9030009@zedat.fu-berlin.de> References: <4816F370.6070706@zedat.fu-berlin.de> <20080429105142.GA69915@osiris.chen.org.nz> <4816FFEA.9030009@zedat.fu-berlin.de>
next in thread | previous in thread | raw e-mail | index | archive | help
O. Hartmann wrote: > Jonathan Chen wrote: >> On Tue, Apr 29, 2008 at 10:07:44AM +0000, O. Hartmann wrote: >>> Hello out there, >>> my question may sound a bit weird, but the situation is as follows: >>> >>> I use OpenLDAP 2.4 for authetication purposes within our lab's net >>> and every user's account is of the objectclass 'posixAccount'. As we >>> know, this class does not contain the attribute 'host', which belongs >>> to structural class 'account' and both posixAccount and account are >>> of type structural and therefore can not be mixed. >> >> Is there really such a rule? There's an of examples in >> O'Reilly's "LDAP System Administration" that has a mixed >> "account" + "posixAccount" objectClasses for a node to implement >> the situation of: One User and a Group of Hosts. > > Well, simply try to include both structural object classes 'account' and > posixAccount and you'll get a class violation - so it is here ... > > Oliver > > P.S. O'Reilly's book seems to be a little bit outdated, it reflects > schemata prior to OpenLDAP 2.3 I guess and I use 2.4 by the way. I read > many turoials mixin up both account and posixAccount but this isn't > allowed any more with newer versions - as I understand. > Sorry, I made a mistake, 'account' and 'inetOrgPerson' and 'person' collide, not 'posixAccount', so it's my fault. Oliver
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48183529.2040309>