On Friday 14 November 2008 14:32, O. Hartmann wrote: > Hello, > I have a OT question and maybe some of the FreeBSD server admins here > can help me out. [snip] > Having nss_ldap and pam_ldap installed on every single FreeBSD > server/box which is capable of being accessed I found in etc/ldap.conf > the tags 'pam_filter' and 'pam_check_host_attr'. Setting latter to > 'yes' implies having the 'host' attribute in each user's object located > in OpenLDAP's DIT for the specific domain. But objectClass=account seems > to conflict with objectClass=organizationalPeople which is a must in our > configuration, so the host attribute is not of any further investigation.
Did you not like the answer I gave you in April when you asked essentially the same question? http://lists.freebsd.org/pipermail/freebsd-questions/2008-April/174152.html For posterity (again) the extensibleObject auxiliary objectClass was introduced for precisely this reason - so that you could add any attribute the server knows about to an existing object which otherwise couldn't hold it. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
