[Fedora-directory-users] Wishlist
Rich Megginson
rmeggins at redhat.com
Fri Aug 26 15:23:59 UTC 2005
Jeff Clowser wrote:
> Rich Megginson wrote:
>
>> Jeff Clowser wrote:
>>
>>> suppose that might be more clearly stated in the X.501 spec?).
>>> Sounds like I am stepping into an LDAP/X.50x holy war :)
>>
>>
>> I'm sure the folks on the ldap umich list will be happy to provide
>> their interpretations :-)
>
>
> Heh :)
>
>> I propose the creation of a new objectclass that will be AUXILIARY
>> and also be a subclass of posixAccount. This objectclass will
>> contain the "host" attribute (other attributes?). In order to make
>> host based access restriction work, you would simply add this
>> objectclass and host attribute to any existing user, even if they
>> already have the posixAccount objectclass. I'm not sure what a good
>> name for this objectclass would be - perhaps posixAccountExt or ???
>> At any rate, applications that use the search filter
>> (objectclass=posixAccount) to get entries that contain the host
>> attribute would continue to work. This would simplify new account
>> creation because you could just use the new objectclass instead of
>> posixAccount and it would inherit all of the posixAccount attributes.
>>
> Are you proposing this simply as "lets all agree on this list on
> something", as "a schema extension that comes with FDS", or as a new
> standard oc, with properly registered OIDs and all? If a new standard
> oc, how hard is it to do that - not something I've ever done. I would
> like the third mainly because it makes it easier for for
> interoperability, but I can live with either of the other two. Would
> make sense to discuss if there are other attributes to add while we're
> at it.
I would like it to be a standard as well, but at the same time, solve
the existing problems our users have. Perhaps there is even enough time
to get the "host" attribute added to rfc2307 bis. If not, then this
specification would go through the RFC track, as either a Proposed
Standard or an Informational RFC. http://www.ietf.org/tao.html#6
>
> - Jeff
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20050826/47d6fddf/attachment.bin>
More information about the Fedora-directory-users
mailing list