Rich Megginson wrote:
Jeff Clowser wrote:

suppose that might be more clearly stated in the X.501 spec?).
Sounds like I am stepping into an LDAP/X.50x holy war :)

I'm sure the folks on the ldap umich list will be happy to provide
their interpretations :-)

Heh :)

I propose the creation of a new objectclass that will be AUXILIARY and
also be a subclass of posixAccount. This objectclass will contain the
"host" attribute (other attributes?). In order to make host based
access restriction work, you would simply add this objectclass and
host attribute to any existing user, even if they already have the
posixAccount objectclass. I'm not sure what a good name for this
objectclass would be - perhaps posixAccountExt or ??? At any rate,
applications that use the search filter (objectclass=posixAccount) to
get entries that contain the host attribute would continue to work.
This would simplify new account creation because you could just use
the new objectclass instead of posixAccount and it would inherit all
of the posixAccount attributes.

Are you proposing this simply as "let's all agree on this list on
something", as "a schema extension that comes with FDS", or as a new
standard oc, with properly registered OIDs and all? If a new standard
oc, how hard is it to do that - not something I've ever done. I would
like the third mainly because it makes it easier for
interoperability, but I can live with either of the other two. Would
make sense to discuss if there are other attributes to add while we're
at it.

- Jeff
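
The objectclass proposed in this thread, written out as an added example (not from either poster and not shipped with FDS): a schema entry in the `cn=schema` LDIF form, followed by a constructed user entry that carries it. The name posixAccountExt is the tentative one from the thread; the OID sits under 1.3.6.1.4.1.32473, the enterprise arc reserved for documentation, and stands in for a properly registered one; the DN and all attribute values are made up.

```ldif
# Schema extension (example only). AUXILIARY so it can be added to any
# existing entry, SUP posixAccount so it inherits the posixAccount
# attributes, and "host" allowed as the one new optional attribute.
# The OID below is a documentation placeholder, not a registered value.
dn: cn=schema
objectClasses: ( 1.3.6.1.4.1.32473.1.1
  NAME 'posixAccountExt'
  DESC 'posixAccount plus host, for host based access restriction'
  SUP posixAccount
  AUXILIARY
  MAY ( host )
  X-ORIGIN 'user defined' )

# Constructed user entry. inetOrgPerson is the structural class; the
# auxiliary classes are layered on top of it. posixAccount is listed
# explicitly as well, which the proposal allows ("even if they already
# have the posixAccount objectclass").
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: posixAccountExt
cn: Jane Doe
sn: Doe
uid: jdoe
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe
loginShell: /bin/bash
# Hosts this account may log in to (constructed values).
host: web01.example.com
host: db01.example.com

# A client enforcing the restriction on web01 can keep its existing
# posixAccount filter and add a host clause:
#   (&(objectClass=posixAccount)(uid=jdoe)(host=web01.example.com))
```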