[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ftcstr attribute replacement ?
- To: openldap-fortress@openldap.org
- Subject: Re: ftcstr attribute replacement ?
- From: Emmanuel LÃcharny <elecharny@gmail.com>
- Date: Mon, 01 Jul 2013 22:58:00 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=4nx0LhEalsRfMdhy4RC/W9M9KG27la7LR4r8g+wAWCU=; b=H1oJStMTd45VYBLeZug15VbL6aABYv2P3FzqFSUuB4Q2CUR6eGDfTWoMVVYxwVaAuR XoLZNey9Q5SxFrjP+JpoAfnu+v/BZomRf7MnzqtwgxlEmnE3P2CXrYvNa51zxMEDZPLj xyIC/0ppWpis6cY2yIwQsIeHcBYynP++saBfNiWLYIBHtf1za8nZIB3D7cMOhgd/J1K5 uak8scAgxwgCvVuenSlovEvvfDXEffe/rEcOmMcLjC4v7mKtHOevuZfkCiVgPD3IlcUC 2fJU7vY87vxMPdVwDLFcJPQ1eS+E461UieYQfb7/emwgzQq+0xeaHAO2P+6sHQsrxnij VPEg==
- In-reply-to: <51D1E872.1090208@jts.us>
- References: <51D08787.6010902@gmail.com> <51D09873.50809@jts.us> <51D0B626.5010307@gmail.com> <51D0BB43.8060507@jts.us> <51D0BDA8.7080206@gmail.com> <51D1E872.1090208@jts.us>
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
Le 7/1/13 10:37 PM, Shawn McKinney a Ãcrit :
> On 06/30/2013 06:22 PM, Emmanuel LÃcharny wrote:
>> Le 7/1/13 1:12 AM, Shawn McKinney a Ãcrit :
>>> Can these attrs be multi-occurring and still attached to same node?
>>> User may have many roles assigned, each can be constrained differently.
>> The ftCStr is declared as a SINGLE VALUE attribute.
>>
>
> In fortress there are 3 temporal constraints that hang off user node:
>
> 1. user contraint: (single)
> # A13: User Temporal Constraint, type STRING, SINGLE VALUE
> attributetype ( 1.3.6.1.4.1.1.38088.1.13
> NAME 'ftCstr'
> DESC 'Fortress User Temporal Constraint'
> EQUALITY caseIgnoreMatch
> SUBSTR caseIgnoreSubstringsMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
>
> 2. user-role constraint: (multi-occurring)
> # A15: User Role Constraints, type STRING, MULTI VALUE
> attributetype ( 1.3.6.1.4.1.1.38088.1.15
> NAME 'ftRC'
> DESC 'Fortress User Role Constraints'
> EQUALITY caseIgnoreMatch
> SUBSTR caseIgnoreSubstringsMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> 3. user-admin-role constraint: (multi-occurring)
> # A21: Admin Role Constraints, type STRING, MULTI VALUE
> attributetype ( 1.3.6.1.4.1.1.38088.1.21
> NAME 'ftARC'
> DESC 'Fortress Admin Role Constraints'
> EQUALITY caseIgnoreMatch
> SUBSTR caseIgnoreSubstringsMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>
Ok, it's clear that it's a better solution to have the ftCstr attributes
stored as a String then.
Thanks Shawn.
--
Regards,
Cordialement,
Emmanuel LÃcharny
www.iktek.com