Re: ldap newbie
>>IMHO, all schemas should base themselves on the standard schemas,
>>wherever possible. One of the points of LDAP is interoperability. The
>>core schema are actually quite complete.
>I'm not sure what you mean by interoperability... I am hoping to
>complete this directory and then point a tacacs+ server at it to handle
>a lot of authentication... Most likely nothing except for the tacacs
>server and the net admins will ever access the directory directly.
> If you are telling me that tacacs won't be able to understand my
It depends upon the specific TACACS server.
>"home-brewed" schema, then please tell me b/c I will go back and rework
>the directory... on the other hand, If you mean that outlook clients
>won't be able to use it as an addressbook, I'm not so worried.
Ok. I always assume that tomorrow the system will want to do something
I didn't foresee today. The power of LDAP really is to place all the
"crap": users, groups, mail routing, access control, contacts,
preferences in one spot.
>I took this syntax from the open ldap documentation:
>http://www.openldap.org/doc/admin20/schema.html#Extending%20Schema
>QUOTE:===============================================
>attributeType ( 2.5.4.3 NAME
> ( 'cn' $ 'commonName' ) SUP name )
>=====================================================
>If you are correct, it is just another example of the poor documentation
>IMHO
The schema files I'm looking at on my live LDAP server have no "$".
Could be something has changed. But poor documentation! Never.... :)
>>>> attributetype ( jctAttrib:1 NAME ( 'jctMisparZehut' $ 'jctTZ' )
>>>> DESC 'Identification Number associated with a person'
>>>> EQUALITY numericStringMatch
>>>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{32768}
>>>> SINGLE-VALUE
>>>>)
>maybe those would work but the meaning here is a government provided id
>number (like a social security number in the USA) once again- the text
>name I used is much more user friendly
>>Why no uidNumber, or x500UniqueIdentifier, or uniqueIdentifier;
>>whichever is most appropriate.
I disagree on this one. uidNumber is for posixAccount, which are
always local. And uniqueIdentifier is -
"The domain within which the identifier is unique, and the exact
semantics of the identifier, are for local definition. For a person,
this might be an institution-wide payroll number. For an organisational
unit, it might be a department code."
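
Added example (not part of the original message and not OpenLDAP code): a small Python linter for the `$` question discussed above, following the RFC 4512 grammar in which a NAME list holds space-separated quoted names and `$` separates OIDs in MUST/MAY lists. The `jctObj` macro and `jctPerson` class in the sample are hypothetical.

```python
import re

# Constructed sample: the thread's definition plus a hypothetical objectclass
# (the jctObj macro and jctPerson class are assumptions, not from the thread).
SAMPLE = """
attributetype ( jctAttrib:1 NAME ( 'jctMisparZehut' $ 'jctTZ' )
    DESC 'Identification Number associated with a person'
    EQUALITY numericStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{32768}
    SINGLE-VALUE )
objectclass ( jctObj:1 NAME 'jctPerson' SUP top AUXILIARY
    MAY ( jctMisparZehut $ description ) )
"""
TOKEN = re.compile(r"'[^']*'|[()$]|[^\s()$']+")  # quoted string, paren, $, word

def definitions(text):
    """Yield the token list inside each attributetype/objectclass ( ... )."""
    toks, i = TOKEN.findall(text), 0
    while i < len(toks) - 1:
        if toks[i].lower() in ("attributetype", "objectclass") and toks[i + 1] == "(":
            depth, j = 1, i + 2
            while j < len(toks) and depth:  # scan to the matching ")"
                depth += {"(": 1, ")": -1}.get(toks[j], 0)
                j += 1
            yield toks[i + 2:j - 1]
            i = j
        else:
            i += 1

def clause(tokens, key):
    """Return the items after `key`: one token, or the contents of ( ... )."""
    if key not in tokens[:-1]:
        return None
    k = tokens.index(key) + 1
    return [tokens[k]] if tokens[k] != "(" else tokens[k + 1:tokens.index(")", k)]

def lint(text):
    """Return (definition name, problem) tuples for separator mistakes."""
    problems = []
    for toks in definitions(text):
        names = clause(toks, "NAME") or []
        label = next((n.strip("'") for n in names if n != "$"), toks[0])
        if "$" in names:
            problems.append((label, "NAME list uses '$'; names are space-separated"))
        for key in ("MUST", "MAY"):
            items = clause(toks, key) or []
            if len(items) > 1 and (len(items) % 2 == 0 or set(items[1::2]) != {"$"}):
                problems.append((label, key + " list must separate OIDs with '$'"))
    return problems
```

Calling `lint(SAMPLE)` flags only the `jctMisparZehut` NAME list; the `$` in the objectclass MAY list is accepted.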