Hi all,
I am looking to make use of the password passthru module for authentication, but have been
considering the best way to do so without modifying schema. Ultimately I may anyway, but
here's the situation and question: I need to construct an identity to use for
kerberos authentication, where the kerberos user principle will be the same as the
'uid' attribute already defined for the person + @ + the AD domain. The AD domain
will be one of potentially 4 values depending on region; in my case really just one of
two: "na.example.com" or "eu.example.com".
So, can I construct an attribute on the fly which is built from two other attributes?
I have already worked out that I can probably benefit from using a classic cosAttribute,
defining 'locality' for each user as being 'NA' or 'EU' or
possibly more specific values (what is locality generally used for? city? state? country?)
and having a template which then defines the 'domain' attribute based on that
locality. Maybe it is just as easy to store the domain attribute per user directly.
Maybe I just make the locality equal to the proper domain.
But I also can consider doing something where the domain would depend upon the range that
the uidNumber is in, except I don't know how to do so. Sort of like a cosAttribute,
but the value depends on the range of uidNumber, not a specific value. A bit like using a
view. Any ideas?
-M
Show replies by date