constraints on attributes or number of leaves [long]

[Frederic Saincy <freddy@lovelinux.org>]

Hi all,

I have planed to do a free gtk-libldap gui for an exim-ldap
configuration, to provide a nice interface for end-users that they
manage themselves their mail accounts.

There are different roles that the interface should manage:

- mail admin: can add/remove/modify domain.
- domain admin: can add/remove/modify mail user in his domain.
- mail user: can forward their mail, set aliases, auto-reply and so
  on.

There are some constraints that can't be managed by the
client:

- unique constraint on mail attribute value, mail alias
  value...(consistency)

- Max number of mail account per domain, max number of mail alias per
  user...(trust no one... except server ACLs)

* For the unique constraint mail/alias, the only way i found is to
use the dn key, for example:

b@domain.home alias of a@domain.home.

dn: mail=a@domain.home,dc=domain,dc=home
objectClass: MailAccount
mail: a@domain.home

dn: mailalias=b@domain.home,dc=domain,dc=home
objectClass: MailAlias
mailalias: b@domain.home
mail: a@domain.home

(yes, there is also a circular reference problem, maybe i will have to
try "alias" objectclass , don't know right now )

* For the max number of child/attributes, there is a solution too:

precreate mail accounts with the "mail admin" role for example:

dn: uid=1,dc=domain,dc=home
objectClass: MailAccount
mail: (null)
...
dn: uid=2,dc=domain,dc=home
...
dn: uid=[max number of mail],dc=domain,dc=home

"domain admin" role will not be able to remove a MailAccount anymore, just set
mail attribute value.

But wait... what about the unique constraint ?

This is a catch 22

Any idea ?

Bye.