[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: attributes tag

To: "jehan.procaccia" <jehan.procaccia@int-evry.fr>
Subject: Re: attributes tag
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 19 Jan 2005 18:59:19 +0100
Cc: openldap-software@OpenLDAP.org, Michel GARDIE <Michel.Gardie@int-evry.fr>
In-reply-to: <41ED8557.9050505@int-evry.fr>
References: <41ED4670.3070008@int-evry.fr> <m3acr67g11.fsf@marin.l4b.de> <41ED6322.7040203@int-evry.fr> <hbf.20050118mbr@bombur.uio.no> <hbf.20050118a9o@bombur.uio.no> <41ED8557.9050505@int-evry.fr>

jehan.procaccia writes:
> $ grep attributeoptions /usr/local/openldap-2.2.20-1/etc/openldap/slapd.conf
> attributeoptions x-dept-
> attributeoptions lang-
> (..)
>
> dn: uid=procacci,ou=People,dc=int-evry,dc=fr
> title;x-dept-crmp: advisor
> title;x-dept-inf: teacher
> (...)

Thanks!  You may just have solved a similar problem which we have at our
site:-)

> That would respond to my need of giving on person entry multiple title
> and associate those title to a specific departementNumber/service in the
> organization. However now I need to preserve a strict coherence between
> my departementNumber value ("inf" for exemple) and my title attribute
> option (x-dept-inf here ) !
>
> Before I go editing hundred of users entry and code my php
> interogation/modification interface to support that, do you recommend
> such a solution or are there better ones ?

Solutions I can think of include:

- an attribute option as you suggest,

- an attribute 'intEvryDeptAndTitle' with values like 'inf$teacher',

- use the DIT's tree structure somehow, e.g. put a person entry
  with title 'advisor' in a child entry of the inf dept's entry,
  and another person entry for the same person with title advisor
  under the crmp dept's entry.

> I once though about the
> organizationalRole objectClass defining  each and every roles in the
> organization and point each person entry with the seeAlso attribute to
> their roles, but again I find this a bit complicated and not easy to
> maintain ...

Not sure how this ties a particular title of a person to a particular
department; is i a variant of my third alternative above?

Anyway, what is best depends on your situation.  For example:

- Do all "department numbers" fit the attribute option syntax in
  RFC 2251 section 4.1.5?  That is, they consist of only ASCII letters,
  digits and hyphens.  Also, IDs ending with '-' could be troublesome,
  since this means an option range in some circumstances.

- Do the clients which you support recognize 'title;x-dept-inf' as a
  title attribute?

  If not, you might want to include 'title: foo' values matching
  all 'title;x-dept-yyy: foo' values.

- A search for (title=teacher) will find title;x-dept-inf: teacher,
  since title;x-dept-inf is a subtype of title.
  Is that how it should work?

- Is your title attrbute indexed in slapd.conf?  I don't know if
  a search for (title;x-dept-inf=teacher) will use the index.
  Unless someone else knows, I expect you can check by turning
  on loglevel 8480: LDAP_DEBUG_<FILTER + STATS + INDEX>.

-- 
Hallvard

Follow-Ups:
- Re: attributes tag
  - From: Jehan PROCACCIA <Jehan.Procaccia@int-evry.fr>

References:
- attributes tag
  - From: "jehan.procaccia" <jehan.procaccia@int-evry.fr>
- Re: attributes tag
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: attributes tag
  - From: "jehan.procaccia" <jehan.procaccia@int-evry.fr>
- Re: attributes tag
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: attributes tag
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: attributes tag
  - From: "jehan.procaccia" <jehan.procaccia@int-evry.fr>

Prev by Date: Re: Using SecurID for authentication
Next by Date: Re: Compatibility query
Index(es):
- Chronological
- Thread