Andrew Findlay <[email protected]> wrote:
> That can be done - it is just a matter of choosing a naming structure
> that allows it.

that's simple but was not obvious to me :(

> That one won't work, as there is no way to link the individual uid and
> userPassword values. You need one LDAP entry per uid so either add
> another layer to the tree
> dn: authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
> authorizedService: xmpp.org
> ....
>
> dn: uid=john,authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org
> authorizedService: xmpp.org
> uid: john
> userPassword: qwerty
> ....

I like it, thanks much

do I have to create a dedicated object like:

dn: authorizedService=YYY,uid=AAA,dc=ZZZ

before configuring the service for the user like:

dn: uid=XXX,authorizedService=YYY,uid=AAA,dc=ZZZ

or will the second one be enough?

> Incidentally, you seem to be misusing some fields in the person
> object:
>
> > cn: [email protected]
> > sn: xmpp.org
>
> If you really don't want to put the real name there you should choose
> a different objectclass that does not force you to fill in those
> attributes.

it is not to say I do not want to put it, but rather I want to have such
a possibility in case it could be demanded in the future

as for the different classes ... I was trying to find it but faced the
problem when the parent record, which contains

objectclass: posixAccount
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: inetLocalMailRecipient

was refusing the child creation until the child belongs to that set of
classes :(

-- 
Zeus V. Panchenko
jid:[email protected]
IT Dpt., I.B.S. LLC
GMT+2 (EET)
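
Added example, not part of the original message: an LDAP add is rejected (noSuchObject) when the entry's immediate parent does not exist, so the per-service container has to be added before the per-service uid entry beneath it. The Python sketch below orders a batch of DNs parent-first and reports any whose parent is missing; the helper names, the simplified DN splitting and the case-insensitive comparison are assumptions made for this illustration.

```python
import re

def rdns(dn):
    """Split a DN into RDNs on unescaped commas.
    Simplified for illustration: no quoted or hex-encoded values."""
    return [p.strip() for p in re.split(r'(?<!\\),', dn) if p.strip()]

def norm(dn):
    # Assumption: naming attributes compare case-insensitively.
    return ",".join(rdns(dn)).lower()

def parent(dn):
    """DN of the immediate superior entry."""
    return ",".join(rdns(dn)[1:])

def plan_adds(new_dns, existing_dns):
    """Return (ordered, orphans).
    ordered: DNs in an order where every parent is added before its children.
    orphans: DNs whose parent is neither in the directory nor addable here."""
    present = {norm(d) for d in existing_dns}
    ordered, orphans = [], []
    # Shallow entries first, so a container is seen before what sits under it.
    for dn in sorted(new_dns, key=lambda d: len(rdns(d))):
        if norm(parent(dn)) in present:
            ordered.append(dn)
            present.add(norm(dn))
        else:
            orphans.append(dn)
    return ordered, orphans

# Constructed sample data, using the DNs from the quoted reply.
EXISTING = ["ou=People,dc=org", "uid=jdoe,ou=People,dc=org"]
SERVICE = "authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org"
CHILD = "uid=john,authorizedService=xmpp.org,uid=jdoe,ou=People,dc=org"

if __name__ == "__main__":
    order, orphans = plan_adds([CHILD, SERVICE], EXISTING)
    print("add in this order:")
    for dn in order:
        print("  " + dn)
    # Child entry alone: its container is missing, so it is reported.
    print("missing parent:", plan_adds([CHILD], EXISTING)[1])
```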
