Andrew Findlay <andrew.find...@skills-1st.co.uk> wrote:
> ...
> You would end up creating two new attributes for each service type,
> and OpenLDAP would still not check the passwords for you in a useful way.
>
> Better method: Create a sub-entry below the user entry for each service.
> The service-specific entry can use the standard 'uid' and 'userPassword'
> attributes, and you just need to make sure that each service includes the
> authorizedService attribute when searching for the entry to authenticate.
> ...

Is there a way to avoid target service uid clashing in this case?

Let's say I have two users with the name John and I need to give each one access to some service, but both of them wish the service uid=john (for example, it is a common issue for an MTA serving different mail domains with a different user space for each one).

So what is needed to provide uniqueness of the attribute `uid' for each

    dn: authorizedService=target-service,uid=target-user,ou=People,dc=org

Is it possible to do that inside OpenLDAP, or does it have to be performed via something like analyzing the output of

    ldapsearch ... "(&(uid=target-user)(authorizedService=target-service))" dn

-- 
Zeus V. Panchenko
jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC
GMT+2 (EET)