On Fri, Sep 27, 2013 at 10:16:43PM +0200, Michael Ströder wrote:
Did not follow this thread closely. But one should be aware of ITS#6825 when
planning to use slapo-unique for a more complex setup.
unique_uri filter reaching beyond its intended target
On Fri, Sep 27, 2013 at 01:23:54AM -2100, Zeus Panchenko wrote:
overlay unique
unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=SMTP)
unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=IMAP)
unique_uri ldap:///ou=People,dc=org?uid?sub?(authorizedService=POP3)
Andrew Findlay andrew.find...@skills-1st.co.uk wrote:
That can be done - it is just a matter of choosing a naming structure
that allows it.
that's simple but was not obvious to me :(
That one won't work, as there is no way to link the individual uid and
userPassword values. You need one LDAP
On Fri, Sep 27, 2013 at 02:25:24PM +0300, Zeus Panchenko wrote:
have I create dedicated object like:
dn: authorizedService=YYY,uid=AAA,dc=ZZZ
before configuring the service for the user like:
dn: uid=XXX,authorizedService=YYY,uid=AAA,dc=ZZZ
or the second one will be enough?
You have to
Andrew Findlay wrote:
That should already be covered by the unique overlay setup.
Did not follow this thread closely. But one should be aware of ITS#6825 when
planning to use slapo-unique for a more complex setup.
unique_uri filter reaching beyond its intended target
Andrew Findlay andrew.find...@skills-1st.co.uk wrote:
mmm ... will not it prevent non-uniqueness only for parent DN-s? while
what I'm trying to ask (I'm sorry for muddled up explanation what I mean)
about is - uniqueness for the uid *in* the entry ... so, the uniqueness
of the attribute
Andrew Findlay andrew.find...@skills-1st.co.uk wrote:
...
You would end up creating two new attributes for each service type,
and OpenLDAP would still not check the passwords for you in a useful way.
Better method: Create a sub-entry below the user entry for each service.
The
On Fri, Aug 09, 2013 at 04:17:02PM +0300, Zeus Panchenko wrote:
the uniqueness while *creating* the dn ... since for dn-s
dn: authorizedService=target-service,uid=target-user1,ou=People,dc=org
dn: authorizedService=target-service,uid=target-user2,ou=People,dc=org
...
dn:
Just crazy idea...
several attributes for user passwords (userPassword1, userPassword2,
...) in user account and proxy-mapping overlay (slapo-translucent?
slapo-rwm?) with mapping attribute userPassword into userPassword1 or
userPassword2 with dependencies from service IP.
WBR
On
On Fri, Aug 09, 2013 at 05:53:57PM +0300, Zeus Panchenko wrote:
To: Andrew Findlay andrew.find...@skills-1st.co.uk
Please keep replies on the list so that they become searchable
and everyone can benefit.
here is the diagram depicting what I am thinking about while talking :)
Andrew Findlay andrew.find...@skills-1st.co.uk wrote:
Do you reall want every user account on every service to have a
different username?
to be honest, I do not want, but in practice when I need to land some
mail domain with whole it's users at my MTA, I need to decide what
to do with widely
Andrew Findlay wrote:
On Thu, Aug 01, 2013 at 10:41:25AM +0300, Zeus Panchenko wrote:
I need to set separate credentials for each service I provide
(optionally) to my users
That seems perverse - most of us work hard to *reduce* the number of
different usernames and passwords that each
On Thu, Aug 01, 2013 at 10:41:25AM +0300, Zeus Panchenko wrote:
I need to set separate credentials for each service I provide
(optionally) to my users
That seems perverse - most of us work hard to *reduce* the number of
different usernames and passwords that each person has to use!
I think
hi all,
please, may somebody advice
I need to set separate credentials for each service I provide
(optionally) to my users
I think of something like this:
dn: uid=target-user,ou=People,dc=ibs
userPassword: **
...
authorizedService: xmpp
authorizedService: smtp
authorizedService: pop
On 08/01/13 10:41 +0300, Zeus Panchenko wrote:
hi all,
please, may somebody advice
I need to set separate credentials for each service I provide
(optionally) to my users
I think of something like this:
dn: uid=target-user,ou=People,dc=ibs
userPassword: **
...
authorizedService: xmpp
15 matches
Mail list logo