On 20/12/2011 10:57 AM, Timo Sirainen wrote:
On Tue, 2011-12-20 at 10:47 +0200, Nikolaos Milas wrote:
So I added in the LDAP setup:
iterate_filter = (objectClass=*)
and now everything works fine!
Isn't that basically the same as an empty filter? What other types of objectClasses are there with user accounts? Perhaps the default should be changed to empty, or maybe to (uid=*)
I agree that the default should be changed to empty.
There are various ObjectClasses available.
For example, for normal user accounts (physical persons) the main objectClass we use is inetOrgPerson (with its parents: organizationalPerson, person) and for other, non-personal accounts we use objectClass: account.
posixAccount objectClass is added to particular accounts when we want to assign further access privileges, mainly shell and FTP.
Best regards, Nick