[Date Prev][Date Next] [Chronological] [Thread] [Top]

Assigning profile info: Groups or extra attribute?

To: OpenLDAP List <openldap-general@OpenLDAP.org>
Subject: Assigning profile info: Groups or extra attribute?
From: Luca VEZZADINI <GVEZZADINI@businessobjects.com>
Date: Tue, 11 Jan 2000 17:22:10 +0100

Hi there,

I am thinking about how I could modify an LDAP schema to add extra
information about the users. I need to assign some kind of profile
information to each user; that info is used by some legacy applications to
grant different levels of permissions to users (something like the NT
groups, but used only by some specific software). I see two possible ways of
achieving that: adding an attribute to the user definition or creating
groups and adding users to them.

After some thoughts, I feel that adding an attribute on the user class is
not that clean, for example because there is no easy way to guarantee that
values entered match the list of available profiles. But on the other side
adding groups only for a specific application may not be a great idea.

Does anybody have suggestions about this? I wonder in particular what would
be the best approach in terms of search performance (a typical question the
server would have to answer is "how many users have the X profile?").

Thanks,

     Luca

Follow-Ups:
- RH61 pam_ldap
  - From: Purwanto <purwanto@makro.co.id>

Prev by Date: Re: MIME-type for LDIF data
Next by Date: RH61 pam_ldap
Index(es):
- Chronological
- Thread