LDAP, FreeRadius, and Schema
Dusty Doris
freeradius at mail.doris.cc
Wed Nov 30 16:04:18 CET 2005
> Hi all,
>
> I was wondering what everyone uses for an account objectClass? Right now I'm
> using "Person", which makes the dn:
>
> cn=<user>,ou=Radius,dc=mydomain,dc=net
>
> However, indexing the cn would index the CN of other OU's as well ...
> ..
> I'm just wondering what people use. I know "Account" could also be used.
>
I extend my schema with RADIUS-LDAPv3.schema and use the radiusprofile
objectclass. However, mine is old and uses uid instead of cn, which is in
that file. You certainly could create your own objectclass or modify the
one that is there. I think you should stick with cn, since that is what
freeradius knows and you already use it. It will make maintenance and
upgrades much easier.

However, back to your problem. I don't see what the issue is with
indexing cn. If you are ever going to do searches on other OU's for a cn
attribute, you would probably hope that it's indexed. The performance hit
you will take for indexing that attribute is probably not even close to
the performance gain you will get having cn indexed for searches.
This is especially true with the newest versions of openldap (2.3).
Dusty Doris