MJD Shop Account
2007-Apr-06 18:02 UTC
[Fedora-directory-users] constructing attribute from two others
Hi all, I am looking to make use of the password passthru module for authentication, but have been considering the best way to do so without modifying schema. Ultimately I may anyway, but here''s the situation and question: I need to construct an identity to use for kerberos authentication, where the kerberos user principle will be the same as the ''uid'' attribute already defined for the person + @ + the AD domain. The AD domain will be one of potentially 4 values depending on region; in my case really just one of two: "na.example.com" or "eu.example.com". So, can I construct an attribute on the fly which is built from two other attributes? I have already worked out that I can probably benefit from using a classic cosAttribute, defining ''locality'' for each user as being ''NA'' or ''EU'' or possibly more specific values (what is locality generally used for? city? state? country?) and having a template which then defines the ''domain'' attribute based on that locality. Maybe it is just as easy to store the domain attribute per user directly. Maybe I just make the locality equal to the proper domain. But I also can consider doing something where the domain would depend upon the range that the uidNumber is in, except I don''t know how to do so. Sort of like a cosAttribute, but the value depends on the range of uidNumber, not a specific value. A bit like using a view. Any ideas? -M