Linking attributes

General Discussion about LDAP Administrator

Moderator: Support

Linking attributes

Postby theands » Mon May 12, 2008 4:54 am

Hello everyone,

I was wondering if what I am about to ask is possible, I have spent hours researching it and still looking for a solution.

Currently I have a ldap directory with several branches.

--Root
----ou=Samba accounts
----ou=Website accounts
----ou=VPN accounts
----ou=Email accounts


and so on.
Every account has a userPassword field which means that if a user changes his password under one of the systems (eg. websites), the password will not change on the others.Which will mean inconsistent passwords between the different services and in turn more tedious support work. Ultimately I would like to syncronise all the passwords between all the systems.

Is there anyway of adding a new OU called ou=passwords. Within the ou passwords I will have a simple-security-object which will contain the username+password.

Is there anyway I can link the attribute userPassword attribute within samba schema, emailaccounts schema so on to the simple security object that resides in the ou=password.

Is this possible?
theands
 
Posts: 7
Joined: Tue Nov 13, 2007 2:05 am

Postby enewman » Wed May 21, 2008 4:22 pm

Why are you doing it this way? Is there any reason for users to have multiple accounts - one per service. I would have thought a single OU for user accounts and managing access through groups kight give a more flexible solution.
enewman
 
Posts: 2
Joined: Mon Mar 27, 2006 12:33 pm

Postby theands » Wed May 21, 2008 11:56 pm

I found that a OU for each account was to messy. I know the rule is "keep your tree as flat as possible" But I did not like it at all, looked really messy.
theands
 
Posts: 7
Joined: Tue Nov 13, 2007 2:05 am


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 0 guests

cron