...

For example, there is a standard LDAP schema defined in RFC 2302 that is used to represent UNIX (NIS) accounts in LDAP servers. This schema defines the posixAccount auxiliary object class, which can be added to ordinary account object classes. If this auxiliary object class is added, the account has UNIX-specific attributes such as uidNumber and gidNumber. The following configuration example illustrates the case of the posixAccount auxiliary object class that is always added to all accounts on a resource (inetOrgPerson is the structural object class here):

...

The mechanism that usually decides whether a user should have a UNIX account or not is RBAC. If the user has a role that gives a UNIX account, then the account should have the posixAccount auxiliary object class. If the user does not have such a role, there should be just the structural object class. MidPoint supports this configuration. In this case the resource configuration contains only the structural object class:

...