[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: How to replace account with inetOrgPerson?
>
> John Kane wrote:
> > IF your goal is to simply add the 'mail' attr to existing
> > accounts, why not just use the extensibleObject objectClass
> > to each account. Once that is added, you should be able to
> > add the needed attribute. This is what I did and it seems
> > to work fine.
>
> extensibleObject allows any attribute in an entry! This
> circumvents schema checking.
Thanks for the input, Michael.
It is my understanding, from RFC 2252, that adding extensibleObject
simply, in effect, adds a wild card to the 'MAY' attribute list for
any other object classes included in this DN, and other normal schema
checking will still occur (i.e. mandatory attributes for the other
object classes will still be required, etc.).
>
> > To the OpenLDAP gurus; should this method not be used?
>
> I consider it bad practice.
When I went this route, I assumed it may not be 'best practice',
but 'bad practice'? Are there areas in the code where this might
be a problem?
Out of curiosity, when might using the extensibeObject be considered
'good practice'? (not trying to 'beat a dead horse', just trying to
expand my knowledge)
>
> Ciao, Michael.
Thanks,
John
This message is confidential to Prodea Systems, Inc unless otherwise indicated
or apparent from its nature. This message is directed to the intended recipient
only, who may be readily determined by the sender of this message and its
contents. If the reader of this message is not the intended recipient, or an
employee or agent responsible for delivering this message to the intended
recipient:(a)any dissemination or copying of this message is strictly
prohibited; and(b)immediately notify the sender by return message and destroy
any copies of this message in any form(electronic, paper or otherwise) that you
have.The delivery of this message and its information is neither intended to be
nor constitutes a disclosure or waiver of any trade secrets, intellectual
property, attorney work product, or attorney-client communications. The
authority of the individual sending this message to legally bind Prodea Systems
is neither apparent nor implied,and must be independently verified.