vacation message & schema design (was: Empty IA5String)

[Hallvard B Furuseth <h.b.furuseth@usit.uio.no>]

I'm not sure which situation you are thinking of, but I hope it isn't
ours.

Leif Johansson writes:
>Michael Ströder wrote:
>> Leif Johansson wrote:
>>> If you want to be able to indicate the presence of a feature with
>>> an optional attribute, yes that is exactly how you do it. Object-
>>> classes are you friend. Orthagonal design is good.

That would give us 11 or so object classes, one for each optional
feature in the mail system, just so we could use LDAP to store mail
information.  Most mail objects would need at least 5-6 object classes.
*Not* good.  I haven't seen many schemas that follow that philosophy
either.

>> Note that for security reasons it might not appropriate in some cases to 
>> give someone or a process write access to the multi-valued object class 
>> attribute. Therefore it is not always possible to indicate the presence 
>> of a feature by presence of an auxiliary object class.
>> 
>> But maybe I misunderstood you...
> 
> Read and write access is independent!

If a user wants to add a vacation message which requires that he also
adds an object class, he must have write access to add that object
class.  He might not have write access to modify all of his own entry.
One could of course make the attribute optional in the object class and
add it to all entries, but then the presence of the object class can't
be used as a 'send a vacation message' flag.
(Not our situation; our LDAP directory is read-only for the users.  But
I expect that's what Michael refers to.)

-- 
Hallvard