Hi all,
I am looking to make use of the password passthru module for authentication, but have been considering the best way to do so without modifying schema. Ultimately I may anyway, but here's the situation and question: I need to construct an identity to use for kerberos authentication, where the kerberos user principle will be the same as the 'uid' attribute already defined for the person + @ + the AD domain. The AD domain will be one of potentially 4 values depending on region; in my case really just one of two: "na.example.com" or "eu.example.com".
So, can I construct an attribute on the fly which is built from two other attributes?
I have already worked out that I can probably benefit from using a classic cosAttribute, defining 'locality' for each user as being 'NA' or 'EU' or possibly more specific values (what is locality generally used for? city? state? country?) and having a template which then defines the 'domain' attribute based on that locality. Maybe it is just as easy to store the domain attribute per user directly. Maybe I just make the locality equal to the proper domain.
But I also can consider doing something where the domain would depend upon the range that the uidNumber is in, except I don't know how to do so. Sort of like a cosAttribute, but the value depends on the range of uidNumber, not a specific value. A bit like using a view. Any ideas?
-M
389-users@lists.fedoraproject.org