
Re: Five fundamental questions from a newbie



"Kurt D. Zeilenga" wrote:
> 
> Organizational hierarchy tends to change over time and hence
> should be avoided.

Additionally the organizational hierarchy might not be public.
On the other hand ACLs might be easier...

> Something like:
> 
>         mail=msteinbach@sendung.de, dc=sendung, dc=de
> 
> would be less likely to change and hence would be better.

But some persons might not have an e-mail address. This gets
important if you want to store arbitrary contact information.

> (also note the use of dc= base DN is wise as it avoids having
> to register your o with your national authority... your domain
> is already registered (I presume)).

Well, if you really plan to integrate in a national or global
directory structure you have several other (mainly national)
restrictions (sigh!). In Germany it was decided to use old X.500
style (o=Organization,c=DE). I'm quite sure that there's no link
from "X.500 style" to "dc style" in the German hierarchy. (Correct
me if I'm wrong.)

> >Are there any disadvantages about this? To me this seems more
> >useful and I was wondering why the written guide used
> >non-unique names...

X.500 history? When X.500 was defined not everybody had an e-mail
address nor UID. (IMHO that's what attributes uniqueIdentifier and
x500uniqueIdentifier were meant for: to overcome problems with
non-unique names). And IMHO RFC2307 and RFC2377 were written
later...

> >What is it good for that one makes an entry belong to more than
> >one objectClass?
> 
> It is generally best to extend schema using auxiliary object
> classes...

Are you sure? IMHO it depends much on the application. An
application might be unhappy with your own auxiliary object class.

Just food for thought...

Ciao, Michael.