[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ftcstr attribute replacement ?

To: openldap-fortress@openldap.org
Subject: Re: ftcstr attribute replacement ?
From: Emmanuel LÃcharny <elecharny@gmail.com>
Date: Mon, 01 Jul 2013 22:58:00 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=4nx0LhEalsRfMdhy4RC/W9M9KG27la7LR4r8g+wAWCU=; b=H1oJStMTd45VYBLeZug15VbL6aABYv2P3FzqFSUuB4Q2CUR6eGDfTWoMVVYxwVaAuR XoLZNey9Q5SxFrjP+JpoAfnu+v/BZomRf7MnzqtwgxlEmnE3P2CXrYvNa51zxMEDZPLj xyIC/0ppWpis6cY2yIwQsIeHcBYynP++saBfNiWLYIBHtf1za8nZIB3D7cMOhgd/J1K5 uak8scAgxwgCvVuenSlovEvvfDXEffe/rEcOmMcLjC4v7mKtHOevuZfkCiVgPD3IlcUC 2fJU7vY87vxMPdVwDLFcJPQ1eS+E461UieYQfb7/emwgzQq+0xeaHAO2P+6sHQsrxnij VPEg==
In-reply-to: <51D1E872.1090208@jts.us>
References: <51D08787.6010902@gmail.com> <51D09873.50809@jts.us> <51D0B626.5010307@gmail.com> <51D0BB43.8060507@jts.us> <51D0BDA8.7080206@gmail.com> <51D1E872.1090208@jts.us>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130620 Thunderbird/17.0.7

Le 7/1/13 10:37 PM, Shawn McKinney a Ãcrit :
> On 06/30/2013 06:22 PM, Emmanuel LÃcharny wrote:
>> Le 7/1/13 1:12 AM, Shawn McKinney a Ãcrit :
>>> Can these attrs be multi-occurring and still attached to same node?
>>> User may have many roles assigned, each can be constrained differently.
>> The ftCStr is declared as a SINGLE VALUE attribute.
>>
>
> In fortress there are 3 temporal constraints that hang off user node:
>
> 1. user contraint: (single)
> # A13: User Temporal Constraint, type STRING, SINGLE VALUE
> attributetype ( 1.3.6.1.4.1.1.38088.1.13
>     NAME 'ftCstr'
>     DESC 'Fortress User Temporal Constraint'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
>
> 2. user-role constraint: (multi-occurring)
> # A15: User Role Constraints, type STRING, MULTI VALUE
> attributetype ( 1.3.6.1.4.1.1.38088.1.15
>     NAME 'ftRC'
>     DESC 'Fortress User Role Constraints'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> 3. user-admin-role constraint: (multi-occurring)
> # A21: Admin Role Constraints, type STRING, MULTI VALUE
> attributetype ( 1.3.6.1.4.1.1.38088.1.21
>     NAME 'ftARC'
>     DESC 'Fortress Admin Role Constraints'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>
Ok, it's clear that it's a better solution to have the ftCstr attributes
stored as a String then.

Thanks Shawn.

-- 
Regards,
Cordialement,
Emmanuel LÃcharny
www.iktek.com

References:
- Re: ftcstr attribute replacement ?
  - From: Shawn McKinney <shawn.mckinney@jts.us>

Prev by Date: Re: ftcstr attribute replacement ?
Next by Date: Doubt about a method...
Index(es):
- Chronological
- Thread