Re: reference to other entry - question
Buchan Milne wrote:
> On Wednesday, 4 July 2007, Marcin Giedz wrote:
>> Gavin Henry wrote:
>>> quote who=Marcin Giedz
>>>> Is there any way to do something like this without copying all data many times.
>>>>
>>>> 1) there is entry: uid=user1,ou=people,dc=xx,dc=x
>>>> The entry has objectClass = person, posixAccount etc.. So there is attribute userPassword.
>>>>
>>>> 2) there are entries:
>>>> [EMAIL PROTECTED],ou=domains,dc=xx,dc=x
>>>> [EMAIL PROTECTED],ou=domains,dc=xx,dc=x
>>>> [EMAIL PROTECTED],ou=domains,dc=xx,dc=x,
>>>
>>> I think your design is a bit strange. Why not have these mail attributes as part of the user entry like:
>>>
>>> mail: [EMAIL PROTECTED]
>>> mail: [EMAIL PROTECTED]
>>>
>>> And then do your search. You then only need one userPassword.
>>
>> Answer is quite simple. I need to have different aliases and virtual accounts for different virtual domains. So basically I need to split domains and add email accounts respectively to them.
>
> This requirement doesn't preclude the solution Gavin proposed. In fact, I have a system running similar to this (however using mailAlternateAddress).
>
> Can you explain why you can't just effectively have multiple aliases which span multiple domains on one entry? Is it some limitation in your MTA, or your configuration?
>
> For example, if the only reason you can't use this is because you are using mail as the naming attribute ... maybe you should select a different naming attribute?

No, it's not because of mail attrib, it's rather because of homeDirectory. For every virtual domain I need to have different homeDirectory. So when [EMAIL PROTECTED] logs in it is given homeDirectory=/home/user1/dom1/ but when logs in as [EMAIL PROTECTED] - homeDirectory=/home/user1/dom2/. That's why I need to distinguish this attribute in LDAP.

My first idea was to build overlay to update userPassword for particular user in EVERY entry in LDAP - but building such overlay is not so trivial.

Really thanks for your help.

Regards,
Marcin

> Regards,
> Buchan

--
ARISE M.Giedz, T.Żebruń sp.j.
http://www.arise.pl mail: [EMAIL PROTECTED] tel: +48 502 537 157
Re: reference to other entry - question
On Wednesday, 4 July 2007, Marcin Giedz wrote:
> Gavin Henry wrote:
>> quote who=Marcin Giedz
>>> Is there any way to do something like this without copying all data many times.
>>>
>>> 1) there is entry: uid=user1,ou=people,dc=xx,dc=x
>>> The entry has objectClass = person, posixAccount etc.. So there is attribute userPassword.
>>>
>>> 2) there are entries:
>>> [EMAIL PROTECTED],ou=domains,dc=xx,dc=x
>>> [EMAIL PROTECTED],ou=domains,dc=xx,dc=x
>>> [EMAIL PROTECTED],ou=domains,dc=xx,dc=x,
>>
>> I think your design is a bit strange. Why not have these mail attributes as part of the user entry like:
>>
>> mail: [EMAIL PROTECTED]
>> mail: [EMAIL PROTECTED]
>>
>> And then do your search. You then only need one userPassword.
>
> Answer is quite simple. I need to have different aliases and virtual accounts for different virtual domains. So basically I need to split domains and add email accounts respectively to them.

This requirement doesn't preclude the solution Gavin proposed. In fact, I have a system running similar to this (however using mailAlternateAddress).

Can you explain why you can't just effectively have multiple aliases which span multiple domains on one entry? Is it some limitation in your MTA, or your configuration?

For example, if the only reason you can't use this is because you are using mail as the naming attribute ... maybe you should select a different naming attribute?

Regards,
Buchan

--
Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader
B.Eng,RHCE(803004789010797),LPIC-2(LPI74592)
http://en.wikipedia.org/wiki/List_of_Internet_slang_phrases
Re: reference to other entry - question
quote who=Marcin Giedz
> Is there any way to do something like this without copying all data many times.
>
> 1) there is entry: uid=user1,ou=people,dc=xx,dc=x
> The entry has objectClass = person, posixAccount etc.. So there is attribute userPassword.
>
> 2) there are entries:
> [EMAIL PROTECTED],ou=domains,dc=xx,dc=x
> [EMAIL PROTECTED],ou=domains,dc=xx,dc=x
> [EMAIL PROTECTED],ou=domains,dc=xx,dc=x,

I think your design is a bit strange. Why not have these mail attributes as part of the user entry like:

mail: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]

And then do your search. You then only need one userPassword.

> however I had to copy some attributes from uid=user1,ou=people,dc=xx,dc=x like userPassword (with objectClass') to every entry @dom1,@dom2,@dom3 to be able to authenticate such user. Now I'm wondering if there is any way to NOT copy attribute userPassword (and others) to @dom1 but rather create reference to uid=user1,ou=people,dc=xx,dc=x in every @domX so when ldapsearch is performed I will be able to get userPassword using filter ([EMAIL PROTECTED]) and authenticate user1?
>
> Regards,
> Marcin
>
> --
> ARISE M.Giedz, T.Żebruń sp.j.
> http://www.arise.pl mail: [EMAIL PROTECTED] tel: +48 502 537 157
Re: reference to other entry - question
Gavin Henry wrote:
> quote who=Marcin Giedz
>> Is there any way to do something like this without copying all data many times.
>>
>> 1) there is entry: uid=user1,ou=people,dc=xx,dc=x
>> The entry has objectClass = person, posixAccount etc.. So there is attribute userPassword.
>>
>> 2) there are entries:
>> [EMAIL PROTECTED],ou=domains,dc=xx,dc=x
>> [EMAIL PROTECTED],ou=domains,dc=xx,dc=x
>> [EMAIL PROTECTED],ou=domains,dc=xx,dc=x,
>
> I think your design is a bit strange. Why not have these mail attributes as part of the user entry like:
>
> mail: [EMAIL PROTECTED]
> mail: [EMAIL PROTECTED]
>
> And then do your search. You then only need one userPassword.

Answer is quite simple. I need to have different aliases and virtual accounts for different virtual domains. So basically I need to split domains and add email accounts respectively to them.

Regards,
Marcin

>> however I had to copy some attributes from uid=user1,ou=people,dc=xx,dc=x like userPassword (with objectClass') to every entry @dom1,@dom2,@dom3 to be able to authenticate such user. Now I'm wondering if there is any way to NOT copy attribute userPassword (and others) to @dom1 but rather create reference to uid=user1,ou=people,dc=xx,dc=x in every @domX so when ldapsearch is performed I will be able to get userPassword using filter ([EMAIL PROTECTED]) and authenticate user1?
>>
>> Regards,
>> Marcin
>>
>> --
>> ARISE M.Giedz, T.Żebruń sp.j.
>> http://www.arise.pl mail: [EMAIL PROTECTED] tel: +48 502 537 157

--
ARISE M.Giedz, T.Żebruń Sp.j.
http://www.arise.pl mail: [EMAIL PROTECTED] tel: +48 502 537 157
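
An added example, not part of any message in the thread: an audit for the duplicated layout discussed above, where userPassword is copied from the people entry into every per-domain entry and a later password change can leave a stale copy that still authenticates. It assumes the redacted RDNs are `mail=<address>`, that each copy carries the owner's `uid`, and that copies were made verbatim; the LDIF and hash values are constructed placeholders.

```python
# Constructed sample LDIF: user1's password was changed on the people entry
# and on the dom1 copy, but the dom2 copy still holds the old value.
SAMPLE_LDIF = """\
dn: uid=user1,ou=people,dc=xx,dc=x
objectClass: person
objectClass: posixAccount
uid: user1
userPassword: {SSHA}NEW-placeholder

dn: mail=user1@dom1.example,ou=domains,dc=xx,dc=x
uid: user1
homeDirectory: /home/user1/dom1/
userPassword: {SSHA}NEW-placeholder

dn: mail=user1@dom2.example,ou=domains,dc=xx,dc=x
uid: user1
homeDirectory: /home/user1/dom2/
userPassword: {SSHA}OLD-placeholder
"""

def parse_ldif(text):
    """Parse simple, unfolded 'attr: value' LDIF into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[attrs["dn"][0]] = attrs
    return entries

def find_password_drift(entries, people_suffix, copies_suffix):
    """Return DNs of copies whose userPassword differs from the owner's entry.

    Stored values are compared as-is, so this only works for verbatim copies;
    independently salted hashes of the same password would not match.
    A copy whose owner uid has no people entry is reported as well.
    """
    canonical = {e["uid"][0]: e.get("userpassword", [])
                 for dn, e in entries.items() if dn.endswith(people_suffix)}
    drifted = []
    for dn, e in entries.items():
        if not dn.endswith(copies_suffix):
            continue
        owner = e.get("uid", [None])[0]
        if sorted(e.get("userpassword", [])) != sorted(canonical.get(owner, [])):
            drifted.append(dn)
    return drifted
```
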