2010/1/9 Michael Ströder <[email protected]>

> Hung Luu wrote:
> >
> > 2010/1/9 Michael Ströder <[email protected] <mailto:[email protected]>>
> >
> > Hung Luu wrote:
> > > Suppose I have the following DN's:
> > >
> > > inetOrgPerson:
> > > [uid=alice,dc=example,dc=com]
> > >
> > > organizationalRole:
> > > [cn=manager,ou=groups,dc=example,dc=com]
> > > [cn=supervisor,ou=groups,dc=example,dc=com]
> > >
> > > locality:
> > > [l=phoenix,ou=division,dc=example,dc=com]
> > > [l=portland,ou=division,dc=example,dc=com]
> > >
> > > How can I store in my directory the fact that Alice is a manager at the
> > > Phoenix division, but she is only a supervisor at the Portland division?
> > > I know group membership is involved here, but what's the best way to
> > > represent that group membership to optimize searches such as: Return all
> > > the people with a specific role at a specific locality, or return all
> > > the roles and localities for a person.
> >
> > You could also use slapo-memberof to populate the member entries with a
> > back-reference to the group entries which make some queries a lot
> > easier.
> >
> > Suppose I have a group of roles and a group of localities, so that I
> > have the following representation of group membership:
> >
> > [cn=manager,ou=groups,dc=example,dc=com]
> > member: uid=alice,ou=people,dc=example,dc=com
> >
> > [cn=supervisor,ou=groups,dc=example,dc=com]
> > member: uid=alice,ou=people,dc=example,dc=com
> >
> > [l=phoenix,ou=divisions,dc=example,dc=com]
> > member: uid=alice,ou=people,dc=example,dc=com
> >
> > [l=portland,ou=divisions,dc=example,dc=com]
> > member: uid=alice,ou=people,dc=example,dc=com
> >
> > How will slapo-memberof tell me which role Alice has at which locality?
> > What would the query look like?
>
> Sorry, seems I mis-read your requirement. Of course you have to store the
> relation in some kind of 2-tuple.
> You could create entries for the organizational roles below the locations
> if that isn't too static.
>
> Ciao, Michael.

No worries, Michael, I really appreciate your input (and everyone who has replied). My use cases dictate that every locality may have the same set of roles, so do you see a better way to accomplish this other than duplicating role entries under each locality?

The other thing I was contemplating was to flip group membership around so that groups become members of a user, something like this:

[ou=alice,ou=people,dc=example,dc=com]
    [cn=role1]
        member: cn=manager,ou=groups,dc=example,dc=com
        member: l=phoenix,ou=divisions,dc=example,dc=com
    [cn=role2]
        member: cn=supervisor,ou=groups,dc=example,dc=com
        member: l=portland,ou=divisions,dc=example,dc=com

This layout saved me from duplicating role entries under each locality, but something about this layout smells to me, it just doesn't feel right for some reason.

Thanks, Hung.
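
Added example, not part of the thread: the layout Michael suggests (one role entry below each locality), modelled as an in-memory set of entries, with the two searches from the original question run against it. The entry DNs such as `cn=manager,l=phoenix,ou=divisions,dc=example,dc=com`, the second user `uid=bob`, and all helper names are assumptions made for illustration.

```python
# Added example: in-memory model of "role entries below each locality".
# Entry DNs, the user bob, and helper names are constructed for illustration.

BASE = "ou=divisions,dc=example,dc=com"
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"  # constructed second user

# One organizationalRole entry per (role, locality) pair; the DN is the 2-tuple.
DIRECTORY = {
    f"cn=manager,l=phoenix,{BASE}": {"member": [ALICE]},
    f"cn=supervisor,l=phoenix,{BASE}": {"member": [BOB]},
    f"cn=manager,l=portland,{BASE}": {"member": []},
    f"cn=supervisor,l=portland,{BASE}": {"member": [ALICE, BOB]},
}


def split_rdns(dn):
    """Split a DN into (attribute, value) pairs; assumes no escaped commas."""
    return [tuple(rdn.strip().split("=", 1)) for rdn in dn.split(",")]


def role_and_locality(dn):
    """Read the (role, locality) pair from the first two RDNs of a role DN."""
    (a1, role), (a2, loc) = split_rdns(dn)[:2]
    if (a1.lower(), a2.lower()) != ("cn", "l"):
        raise ValueError(f"not a role-below-locality entry: {dn}")
    return role, loc


def people_with(role, locality):
    """Base-scope read of one entry: who holds `role` at `locality`?"""
    entry = DIRECTORY.get(f"cn={role},l={locality},{BASE}")
    return sorted(entry["member"]) if entry else []


def roles_of(person_dn):
    """Subtree search under BASE for member=<person_dn>, DNs decoded to pairs."""
    return sorted(
        role_and_locality(dn)
        for dn, attrs in DIRECTORY.items()
        if dn.lower().endswith(BASE.lower()) and person_dn in attrs["member"]
    )


if __name__ == "__main__":
    print(people_with("manager", "phoenix"))
    print(roles_of(ALICE))
```

In this layout the pairing lives in the entry's DN, so Alice being a manager in Phoenix never implies she is a manager in Portland, which the flat `ou=groups` plus `ou=divisions` membership cannot express.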
