[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: attributes tag
Hallvard B Furuseth wrote:
jehan.procaccia writes:
$ grep attributeoptions /usr/local/openldap-2.2.20-1/etc/openldap/slapd.conf
attributeoptions x-dept-
attributeoptions lang-
(..)
dn: uid=procacci,ou=People,dc=int-evry,dc=fr
title;x-dept-crmp: advisor
title;x-dept-inf: teacher
(...)
Thanks! You may just have solved a similar problem which we have at our
site:-)
Any one on this list already use that ? (tags !)
There still something which I cannot find do -> how do I search only the
attribute title here ?
$ ldapsearch -x uid=procacci -h localhost title -D
"cn=admin,dc=int-evry,dc=fr" -W -LLL
dn: uid=procacci,ou=People,dc=int-evry,dc=fr
title:: SW5nw6luaWV1ciBzeXN0w6htZXM=
title;x-dept-crmp: advisor
title;x-dept-inf: teacher
title;lang-us: system&network engineer
returns all attributes + sub (tagged) attributes
That would respond to my need of giving on person entry multiple title
and associate those title to a specific departementNumber/service in the
organization. However now I need to preserve a strict coherence between
my departementNumber value ("inf" for exemple) and my title attribute
option (x-dept-inf here ) !
Before I go editing hundred of users entry and code my php
interogation/modification interface to support that, do you recommend
such a solution or are there better ones ?
Solutions I can think of include:
- an attribute option as you suggest,
- an attribute 'intEvryDeptAndTitle' with values like 'inf$teacher',
I don't like that one :-( , to much complicated to maintain ...
- use the DIT's tree structure somehow, e.g. put a person entry
with title 'advisor' in a child entry of the inf dept's entry,
and another person entry for the same person with title advisor
under the crmp dept's entry.
No I want to keep my directory as flat as possible, I have everyone
persone just below ou=people,dc=int-evry,dc=fr, no mater if the are from
department X or Y or even if they are students or employee !
I once though about the
organizationalRole objectClass defining each and every roles in the
organization and point each person entry with the seeAlso attribute to
their roles, but again I find this a bit complicated and not easy to
maintain ...
Not sure how this ties a particular title of a person to a particular
department; is i a variant of my third alternative above?
Yes
Anyway, what is best depends on your situation. For example:
- Do all "department numbers" fit the attribute option syntax in
RFC 2251 section 4.1.5? That is, they consist of only ASCII letters,
digits and hyphens. Also, IDs ending with '-' could be troublesome,
since this means an option range in some circumstances.
I can manage that .
- Do the clients which you support recognize 'title;x-dept-inf' as a
title attribute?
I suppose no :-(, but our personnal developpemnt could do (I have to
check if php-ldap can do it ...)
If not, you might want to include 'title: foo' values matching
all 'title;x-dept-yyy: foo' values.
- A search for (title=teacher) will find title;x-dept-inf: teacher,
since title;x-dept-inf is a subtype of title.
Is that how it should work?
umh ... I have to be carefull indeed ! I'am not sure that what I am
looking for ...
- Is your title attrbute indexed in slapd.conf? I don't know if
a search for (title;x-dept-inf=teacher) will use the index.
Unless someone else knows, I expect you can check by turning
on loglevel 8480: LDAP_DEBUG_<FILTER + STATS + INDEX>.
I'am not at preformance tunning yet .. but your right, i should check that .