
final schema design sanity check.



OK.  I've got most of my stuff together as far as schema design.  I've done my best to stick to the standards or widely published schemas, resorting where needed to schemas supplied by applications.  I'm trying not to start off by creating non-standard objects - opting instead to add auxiliary extensions later if necessary.  Please let me know if the sample entry below is 'sane'.  I'm currently testing on OpenLDAP 2.0, but this will eventually move to 2.1, and (as is probably expected from a former DBA) I'd like to enforce schema checking in production.  I have strong concerns that what's below will prohibit that.  The directory will be used for UNIX authentication as well as a sort of white pages supporting Netscape, LookOut and Evolution (and we get pine and mutt for free :))

Here's what I have - much of it based on the YoLinux tutorial's LDIF sample --> http://www.yolinux.com/TUTORIALS/OpenLDAP2.0-ExtendedStooges-officeperson.ldif.txt

Some additions, from the 'evolutionperson' schema, and some omissions, notably 'shadowAccount', which I've been unable to find good descriptions and explanations for (pointers welcome - even the RFC lacks a description for many of shadowAccount's attributes).

PS - if anyone can gimme a pointer on how to perform the mappings to consolidate the number of attributes, that would be wonderful. I'm a little worried about the syntaxes and OIDs matching up, but haven't examined the protocol enough to really have a good understanding of how things are parsed by the DSA.  I suspect that if the syntax matches, the application gets something it can parse, and the OID should be arbitrary.  This, of course, assumes the application asks for things *by name* and not OID.  :-)

dn: cn=jonesy,ou=People,dc=my,dc=domain
objectclass: top
objectclass: person
objectclass: posixAccount
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: officePerson
objectclass: zillaPerson
objectclass: evolutionPerson
sn: Jones
givenName: Brian
ou: People
title: Techstaff    ############### evolution 'businessRole'
manager: cn=daboss,dc=my,dc=domain
fileAs: Jones, Brian
mail: me@yahoo.com
primaryPhone: 1111 ############### standard is 'telephoneNumber', this is from evolutionPerson
mobile: 111-111-1111 ############### evolution 'otherPhone'
homePhone: 111-111-1111
homePostalAddress: 1313 Mockingbird Ln.$Springfield Mass. 00110
postalAddress: 35 MyOffice Dr.
l: OfficeTown
st: NJ
postalcode: 00110
c: US
roomNumber: 101B
physicalDeliveryOfficeName: Bldg 4, rm 101B
preferredLanguage: English
facsimileTelephoneNumber: 111-111-1111  ########## evolution 'otherFacsimile....'
birthDate: 11/11/11     ######### Yes, I'm very, very old :-)
jpegPhoto:< file:///path/to/picture.jpg  ############ also standard 'photo'
comment: This attribute can map to 'note' too.
URL: http://my.webpage.whatever
xmozillanickname: jonesy   
xmozillausehtmlmail: TRUE
uid: jones
loginShell: /bin/bash
homeDirectory: /home/jones
uidNumber: 30
gidNumber: 1
gecos: Brian,STAFF,101B
userPassword: {CRYPT}importedNISpassword


Input, links, docs, and (at least somewhat helpful) flames welcome.
brian.
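
A pre-load check of the kind the schema-checking concern above calls for, as an added example that is not part of the original post or of OpenLDAP. The name lint_entry and the MUST table are assumptions made for illustration; only 'person' and 'posixAccount' are modelled, and the sample is a constructed reduction of the entry above.

```python
import re
# MUST sets for the two standard classes in the entry (person: RFC 4519,
# posixAccount: RFC 2307); the application-supplied classes are not modelled.
MUST = {
    "person": {"sn", "cn"},
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
}

def lint_entry(ldif_text):
    """Return a list of findings for a single LDIF entry."""
    findings, dn, classes, attrs = [], None, set(), set()
    for n, line in enumerate(ldif_text.splitlines(), 1):
        if not line.strip() or line[0] in "# ":
            continue  # blank, full-line comment, or folded continuation
        name, sep, value = line.partition(":")
        if not sep:
            findings.append(f"line {n}: not an attribute line")
            continue
        name = name.strip().lower()
        value = value.lstrip(":< ").rstrip()
        # RFC 2849 has no trailing comments: a '#' run is stored in the value
        if re.search(r"\s#{2,}", value):
            findings.append(f"line {n}: inline comment stored in '{name}' value")
        if name == "dn":
            dn = value
        elif name == "objectclass":
            classes.add(value.lower())
        else:
            attrs.add(name)
    for oc in sorted(classes & MUST.keys()):
        for missing in sorted(MUST[oc] - attrs):
            findings.append(f"{oc}: missing MUST attribute '{missing}'")
    if dn:
        rdn_attr = dn.split(",")[0].split("=")[0].strip().lower()
        if rdn_attr not in attrs:
            findings.append(f"RDN attribute '{rdn_attr}' not present in entry")
    return findings

# Constructed sample, reduced from the entry in the post
SAMPLE = """dn: cn=jonesy,ou=People,dc=my,dc=domain
objectclass: person
objectclass: posixAccount
sn: Jones
title: Techstaff    ############### evolution 'businessRole'
uid: jones
uidNumber: 30
gidNumber: 1
homeDirectory: /home/jones
"""
print("\n".join(lint_entry(SAMPLE)))
```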