[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Five fundamental questions from a newbie
"Kurt D. Zeilenga" wrote:
>
> Organizational hierachy tend to change over time and hence
> should be avoided.
Additionally the organizational hierachy might not be public.
On the other hand ACLs might be more easier...
> Something like:
>
> mail=msteinbach@sendung.de, dc=sendung, dc=de
>
> would be less likely to change and hence would be better.
But some persons might not have an e-mail address. This gets
important if you want to store arbitrary contact information.
> (also note the use of dc= base DN is wise as it avoids having
> to register your o with your national authority... your domain
> is already registered (I presume)).
Well, if you really plan to integrate in a national or global
directory structure you have several other (mainly national)
restrictions (sigh!). In Germany it was decided to use old X.500
style (o=Organization,c=DE). I'm quite sure that there's no link
from "X.500 style" to "dc style" in the german hierarchy. (Correct
me if I'm wrong.)
> >Are there any disadvantages about this? To me this seems more
> >usefull and I was wondering why the written guide used
> >non-unique names...
X.500 history? When X.500 was defined not everybody had an e-mail
address nor UID. (IMHO that's what attributes uniqueIdentifier and
x500uniqueIdentifier were meant for: to overcome problems with
non-unique names). And IMHO RFC2307 and RFC2377 were written
later...
> >What is it good for that one makes an entry belong to more than
> >one objectClass?
>
> It is generally best to extended schema using auxiliary object
> classes...
Are you sure? IMHO it depends much on the application. An
application might be unhappy with your own auxiliary object class.
Just food for thought...
Ciao, Michael.