
FW: Request for LDAP



Dear LDAP standards working group - 

Please consider the request below.

thanks, Lander

Lander Stoddard
Associate Director for Strategic Planning
  and Information Management
Scientific Resources Program
National Center for Infectious Diseases
Centers for Disease Control and Prevention
lstoddard@cdc.gov


-----Original Message-----
From: Tim Howes [mailto:howes@loudcloud.com]
Sent: Thursday, April 05, 2001 4:34 PM
To: Stoddard, Lander
Subject: Re: Request for LDAP


Hi. Sounds like a reasonable request to me, one I've
in fact heard before. You might send it to Mark Wahl
<mark.wahl@sun.com> or Mark Smith <mcs@netscape.com>,
both of whom are still actively involved in the LDAP
standardization process (I am not). Or, you could
try sending your request to ietf-ldapext@netscape.com,
the LDAP standards working group mailing list.

Hope that helps.       -- Tim

"Stoddard, Lander" wrote:
> 
> Tim -
> 
> I just read your article "LDAP: Use as Directed"  Thanks for the great
> work.
> 
> I am trying to architect a distributed directory and have run into a
> functional roadblock that I think should be part of the LDAP spec.  I don't
> know who else to send this to since I have no entree to the LDAP standards
> body.
> 
> The needed functionality is a recursive search for group membership.  We can
> build something to do this but I think it optimally should be language
> independent.  It's a common enough problem that I think there should be a
> common solution.  Consider the following scenario:
> 
> We are going to build a public health directory to manage access to
> applications and distribution of information.  Tom X is in an organizational
> role of State Epidemiologist for State Q.  All state epidemiologists are
> members of
> the group All State Epidemiologists.  There are some 50 surveillance
> applications for which there is an application role that the state
> epidemiologists have access to.  After a person authenticates, I want to
> present them with a list of authorized applications and approles to choose
> from.
> 
> So, there is an orgperson object in an orgrole object/group.  There is an
> orggroup object containing orgrole objects.  There is an application group
> containing applicationrole groups.  With the current LDAP query
> functionality, I have to place individual orgperson objects into the approle
> groups.
> 
> For ease of directory management, the better thing would be to put the
> orggroup into the approle group.  Then if Tom X is replaced by Mary Y, the
> only change that has to be made is the membership of the orgrole, not the
> membership of the org group and 50 approles.  I would like an LDAP function
> that recursively searches down through the group until it finds all the
> orgperson objects and then do a match against the provided DN.  And I would
> like the LDAP directory to do the work.
> 
> What do you think?  Is this a reasonable request that can be submitted?  I
> know we can code this and distribute the component to our servers, but it
> will probably be language specific.  Just seems like there ought to be an
> LDAP solution.
> 
> thanks for your consideration,
> Lander
> 
> Lander Stoddard
> Associate Director for Strategic Planning
>   and Information Management
> Scientific Resources Program
> National Center for Infectious Diseases
> Centers for Disease Control and Prevention
> lstoddard@cdc.gov
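
The nested membership lookup requested in the quoted message, sketched client-side as an added example (it is not part of the original messages and is not an LDAP server feature). The DN layout, the in-memory directory and the function names are assumptions made for illustration; the walk visits each DN once so a group nested into itself cannot loop, and a dangling member reference grants no access.

```python
# Added illustration; DN layout and entry shapes are assumptions, not from the thread.
TOM = "cn=Tom X,ou=people,o=ph"
MARY = "cn=Mary Y,ou=people,o=ph"
ROLE = "cn=State Epidemiologist State Q,ou=roles,o=ph"
ALL_EPI = "cn=All State Epidemiologists,ou=groups,o=ph"
LOOP = "cn=Misnested Group,ou=groups,o=ph"
APP1 = "cn=Surveillance App 1 User,ou=approles,o=ph"
LAB = "cn=Lab App Admin,ou=approles,o=ph"

# Constructed sample directory: DN -> (object kind, member DNs).
DIRECTORY = {
    TOM: ("orgperson", []),
    MARY: ("orgperson", []),
    ROLE: ("orgrole", [TOM]),
    # LOOP nests ALL_EPI back into itself (a cycle); one member DN is dangling.
    ALL_EPI: ("orggroup", [ROLE, LOOP, "cn=Deleted Role,ou=roles,o=ph"]),
    LOOP: ("orggroup", [ALL_EPI]),
    APP1: ("approle", [ALL_EPI]),   # the orggroup, not individual people
    LAB: ("approle", [MARY]),       # direct membership still works
}

def expand_persons(directory, group_dn):
    """Return every orgperson DN reachable from group_dn via nested membership."""
    persons, seen, stack = set(), set(), [group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:          # cycle or diamond nesting: visit each DN once
            continue
        seen.add(dn)
        entry = directory.get(dn)
        if entry is None:       # dangling reference grants nothing
            continue
        kind, members = entry
        if kind == "orgperson":
            persons.add(dn)
        else:
            stack.extend(members)
    return persons

def authorized_approles(directory, user_dn):
    """List the approle groups whose expanded membership contains user_dn."""
    return sorted(dn for dn, (kind, _) in directory.items()
                  if kind == "approle" and user_dn in expand_persons(directory, dn))

if __name__ == "__main__":
    print(authorized_approles(DIRECTORY, TOM))   # reached through two levels of nesting
    handover = {**DIRECTORY, ROLE: ("orgrole", [MARY])}  # the single change on handover
    print(authorized_approles(handover, MARY))
```

Because access is derived from the expansion, replacing the role holder changes only the orgrole entry, and the previous holder loses every approle that was reached through it.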