[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapadd error

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: Re: ldapadd error
From: Howard Chu <hyc@symas.com>
Date: Tue, 11 Apr 2006 12:43:29 -0700
Cc: Adam Williams <awilliam@mdah.state.ms.us>, openldap-software@OpenLDAP.org
In-reply-to: <397399D214AB8CB3D2964C95@cadabra-sw.stanford.edu>
References: <443AB6B8.3090808@mdah.state.ms.us> <1144701877.3376.0.camel@ando> <443AC74F.6090404@mdah.state.ms.us> <2f8462f30604101522w7c656785x4feb90d8a572058@mail.gmail.com> <443AE5BD.8000001@mdah.state.ms.us> <2f8462f30604102025y2eec566la51a4abaade727c8@mail.gmail.com> <443B89FC.8010701@mdah.state.ms.us> <6257D13BAE72DC14EB792C76@cadabra-sw.stanford.edu> <443C002A.1040505@symas.com> <397399D214AB8CB3D2964C95@cadabra-sw.stanford.edu>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060405 SeaMonkey/1.5a

Quanah Gibson-Mount wrote:

Most sites (and graphical browsers) understand "ou" to be a generic folder and as a common usage it makes sense. I recommend against using "cn" to name everything; that negates one of the advantages of the directory naming structure. I.e., use naming attributes that are distinct and indicative of the type of object being named, so you can tell what an object is just by looking at the name, and not needing to look inside the entry. Overuse of the "cn" attribute is a common mistake in LDAP
I absolutely disagree. Using "ou" is a violation of the meaning of the attribute, and I've not had any issues with LDAP browsers using it. "ou" should never be considered a generic container, especially if you are going to be using and configuration organizations inside of an LDAP directory. Just because a bad practice has been used for a long period of time does not make it a good practice.

This discussion probably belongs on the general LDAP list.

1) the main point is that overusing/misusing "cn" is bad. 2) we both agree that misusing attributes (outside their designated purpose) is bad. 3) in practice, political structures are not well suited to a hierarchical directory structure. If you're going to talk about bad practices, start there. Once you recognize that "organization" and org charts make no sense in the directory space, you see that the political meaning of "organizational unit" is useless and it's just a "unit" as in "an atom for organizing information."

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

References:
- ldapadd error
  - From: Adam Williams <awilliam@mdah.state.ms.us>
- Re: ldapadd error
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: ldapadd error
  - From: Adam Williams <awilliam@mdah.state.ms.us>
- Re: ldapadd error
  - From: "Steve Feehan" <sfeehan@gmail.com>
- Re: ldapadd error
  - From: Adam Williams <awilliam@mdah.state.ms.us>
- Re: ldapadd error
  - From: "Steve Feehan" <sfeehan@gmail.com>
- Re: ldapadd error
  - From: Adam Williams <awilliam@mdah.state.ms.us>
- Re: ldapadd error
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: ldapadd error
  - From: Howard Chu <hyc@symas.com>
- Re: ldapadd error
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: ldapadd error
Next by Date: slapd no response
Index(es):
- Chronological
- Thread