List:       pamldap
Subject:    [pamldap] local/global userPassword
From:       Arvid Requate <arvid () Team ! OWL-Online ! DE>
Date:       2000-09-01 14:34:10

Hi,

I'm deploying OpenLDAP in an environment where one user can have
several home directories on different machines.

We want to have a global user profile with a mail address as DN:
mail=<user@domain>,ou=people,o=<org>
which stores inetOrgPerson information and holds a default userPassword.

We also need local profiles for every account with the DN
uid=<user>,ou=<domain>,o=<org>
which stores uid etc. but possibly no local userPassword, if we want
to use the global one.

What we also want to do is:
use pam_ldap which searches for uid=<user> under DN: ou=<domain>,o=<org>
on every machine.

Now, pam will not find a userPassword there. Problem.
Is it possible to get the server to chase a kind of symbolic link to
the userPassword attribute of the global profile here?
(optimal would be if it does this only if there's no local userPassword)

If this is impossible (I'm also investigating the openldap list), wouldn't
this kind of data design be good, and one could implement this kind
of fallback mechanism in pam_ldap?

Thanks for your ideas
	Arvid Requate

-- 
"You might write faster code in C, but you'll write code faster in Perl"
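
The fallback rule asked about above (use the local userPassword if present, otherwise the global profile's), modelled over an in-memory directory as an added example; it is not part of the original message and is not pam_ldap or OpenLDAP code. Assumptions: the local entry points at the global profile through a `seeAlso` attribute, passwords are stored as `{SSHA}` values, and all entry names and passwords are constructed.

```python
import base64, hashlib, hmac, os

def ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = salt or os.urandom(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored, password):
    """Verify a password against an {SSHA} value; unknown schemes fail closed."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(digest, candidate)

def password_entry_dn(directory, uid, domain, org):
    """Return the DN whose userPassword applies to this local account, or None."""
    local_dn = f"uid={uid},ou={domain},o={org}"
    local = directory.get(local_dn)
    if local is None:
        return None                    # no local account: never fall back
    if local.get("userPassword"):
        return local_dn                # a local password overrides the global one
    link = local.get("seeAlso")        # assumption: link to the global profile
    target = directory.get(link) if link else None
    if target and target.get("userPassword"):
        return link                    # one hop only, links are not chased further
    return None                        # missing or dangling link: deny

def authenticate(directory, uid, domain, org, password):
    dn = password_entry_dn(directory, uid, domain, org)
    return dn is not None and check_ssha(directory[dn]["userPassword"], password)

# Constructed sample directory (all names and passwords are made up).
GLOBAL_DN = "mail=alice@example.org,ou=people,o=example"
DIRECTORY = {
    GLOBAL_DN: {"userPassword": ssha("global-pw")},
    "uid=alice,ou=hosta.example.org,o=example": {"seeAlso": GLOBAL_DN},
    "uid=alice,ou=hostb.example.org,o=example": {
        "seeAlso": GLOBAL_DN, "userPassword": ssha("local-pw")},
    "uid=bob,ou=hosta.example.org,o=example": {
        "seeAlso": "mail=bob@example.org,ou=people,o=example"},  # dangling link
}
```

With this rule a local userPassword replaces the global one for that account rather than adding a second valid password, and an account without a local entry is never authenticated from the global profile alone.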