
Maintaining information about who owns what..



I am using OpenLDAP 2.2.

I have two types of entries in our directory: people and accounts. I want to
be able to easily determine which accounts are owned by which people. (A
people entry belongs to one actual person, while a person may own several
accounts.) The current thinking is to use a local objectclass and attribute
(localAccount). So we may have:

dn: cn=123,...
objectClass: inetOrgPerson
objectClass: localPerson
cn: 123
localAccount: uid=abc,...
localAccount: uid=efg,...

And our account:

dn: uid=abc,...
objectClass: inetOrgPerson
objectClass: localAccount
uid: abc
localPerson: cn=123,...

This way it's easy to map back and forth between entries.

I would think that locating which accounts belong to which people is a
common occurrence. It can be difficult to enforce a one person/one account
rule in many organizations.

Better suggestions?
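
Added example, not part of the original post: with the link stored on both entries, the two sides can drift apart, so an audit over an LDIF export can flag accounts that point at a missing person (dangling) or links recorded on only one side (one-way). The dc=example,dc=com suffix, the ou names and the sample entries are constructed; the parser assumes unfolded, non-base64 LDIF.

```python
# Constructed sample export; suffix and ou names are assumptions, not from the post.
SAMPLE_LDIF = """\
dn: cn=123,ou=people,dc=example,dc=com
objectClass: localPerson
localAccount: uid=abc,ou=accounts,dc=example,dc=com
localAccount: uid=efg,ou=accounts,dc=example,dc=com

dn: uid=abc,ou=accounts,dc=example,dc=com
objectClass: localAccount
localPerson: cn=123,ou=people,dc=example,dc=com

dn: uid=efg,ou=accounts,dc=example,dc=com
objectClass: localAccount

dn: uid=xyz,ou=accounts,dc=example,dc=com
objectClass: localAccount
localPerson: cn=999,ou=people,dc=example,dc=com
"""
# (attribute holding the link, attribute expected on the target pointing back)
PAIRS = (("localaccount", "localperson"), ("localperson", "localaccount"))

def norm_dn(dn):
    """Comparison key for a DN: lowercase, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return {normalized dn: {lowercase attr: [values]}} for simple LDIF."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                name, _, value = line.partition(":")
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def audit(entries):
    """Return sorted (problem, source dn, target dn) for each broken link."""
    findings = []
    for dn, attrs in entries.items():
        for fwd, back in PAIRS:
            for target in map(norm_dn, attrs.get(fwd, [])):
                if target not in entries:
                    findings.append(("dangling", dn, target))
                elif dn not in map(norm_dn, entries[target].get(back, [])):
                    findings.append(("one-way", dn, target))
    return sorted(findings)
```
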