Re: MacOS X logins very, very slow or failing with Openldap 2.1.23...

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Tuesday, November 25, 2003 3:27 PM -0800 Quanah Gibson-Mount 
<quanah@stanford.edu> wrote:

> --On Tuesday, November 25, 2003 6:15 PM -0500 Everette Gray Allen
> <Everette_Allen@ncsu.edu> wrote:
>
> > My understanding of posixaccount is
> > MUST
> >
> > cn, uid, uidNumber, gidNumber, homeDirectory
>
> I'm quite aware of what cn is. ;)
>
> From:
>
> <http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html>

More specifically:

Sec. 99.37  What conditions apply to disclosing directory information?

   (a) An educational agency or institution may disclose directory
information if it has given public notice to parents of students in
attendance and eligible students in attendance at the agency or
institution of:
   (1) The types of personally identifiable information that the agency
or institution has designated as directory information;
   (2) A parent's or eligible student's right to refuse to let the
agency or institution designate any or all of those types of information
about the student as directory information; and
   (3) The period of time within which a parent or eligible student has
to notify the agency or institution in writing that he or she does not
want any or all of those types of information about the student
designated as directory information.
   (b) An educational agency or institution may disclose directory
information about former students without meeting the conditions in
paragraph (a) of this section.


Essentially, if we get such a request, we simply blank out their name to a 
"'".  That fulfills the requirement, and allows us to continue to expose 
posixAccount.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html