On 17/04/2011 21:23, Quanah Gibson-Mount wrote:
--On Sunday, April 17, 2011 1:07 PM +0300 George Mamalakis
<[email protected]> wrote:
Dear all,
I have a question regarding my openldap DIT design. My design so far is
based on the model: ou=people,dc=example,dc=com. It is very possible
that
I'll have to be able to find attributes of people belonging to some
specific group (eg, student, postgrad, etc). The easiest way to address
this issue for me would be to branch my DIT like this:
ou=undergrads,ou=people,dc=example,dc=com and
ou=postgrads,ou=people,dc=example,dc=com. On the other hand, I have
several classes that I would like to distinguish my users to apart from
this (like stuff, student, professors, etc.) but further sub-brunching
shows to me that there's something wrong with my design (since those
classes may dynamically change in the future).
This is a terrible way to organize things. Just use an attribute to
store group membership in the actual persons entries. It is quite
common for people to end up in more than one group. By using an
attribute in the user entry, then you can also easily create dynamic
groups as well.
You may want to look at:
<http://www.stanford.edu/services/directory/trees/people.html>
particularly things like "suAffiliation", "suDisplayAffiliation",
"suPrimaryOrganizationID", "suPrivilegeGroup", etc. EduPerson has
some useful attributes as well, but doesn't necessarily cover the full
scope of things you might want.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Quanah,
thanks a lot for your directions. I will consider them thoroughly in my
design.
--
George Mamalakis
IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)
Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki
phone number : +30 (2310) 994379
