
Re: FW: Request for LDAP



Lander,

Take a look in the archive: 
ftp://ftp.ietf.org/ietf-mail-archive/ldapext/1999-08.mail
and search for "Subject: Nested SearchRequests" and for the reply
messages. The answers that I received back then may help you as well.

Regards,
Mircea.

"Stoddard, Lander" wrote:
> 
> Dear LDAP standards working group -
> 
> Please consider the request below.
> 
> thanks, Lander
> 
> Lander Stoddard
> Associate Director for Strategic Planning
>   and Information Management
> Scientific Resources Program
> National Center for Infectious Diseases
> Centers for Disease Control and Prevention
> lstoddard@cdc.gov
> 
> -----Original Message-----
> From: Tim Howes [mailto:howes@loudcloud.com]
> Sent: Thursday, April 05, 2001 4:34 PM
> To: Stoddard, Lander
> Subject: Re: Request for LDAP
> 
> Hi. Sounds like a reasonable request to me, one I've
> in fact heard before. You might send it to Mark Wahl
> <mark.wahl@sun.com> or Mark Smith <mcs@netscape.com>,
> both of whom are still actively involved in the LDAP
> standardization process (I am not). Or, you could
> try sending your request to ietf-ldapext@netscape.com,
> the LDAP standards working group mailing list.
> 
> Hope that helps.       -- Tim
> 
> "Stoddard, Lander" wrote:
> >
> > Tim -
> >
> > I just read your article "LDAP: Use as Directed".  Thanks for the great
> > work.
> >
> > I am trying to architect a distributed directory and have run into a
> > functional roadblock that I think should be part of the LDAP spec.  I
> > don't know who else to send this to since I have no entree to the LDAP
> > standards body.
> >
> > The needed functionality is a recursive search for group membership.  We
> > can build something to do this but I think it optimally should be language
> > independent.  It's a common enough problem that I think there should be a
> > common solution.  Consider the following scenario:
> >
> > We are going to build a public health directory to manage access to
> > applications and distribution of information.  Tom X is in an
> > organizational role of State Epidemiologist for State Q.  All state
> > epidemiologists are members of the group All State Epidemiologists.  There
> > are some 50 surveillance applications for which there is an application
> > role that the state epidemiologists have access to.  After a person
> > authenticates, I want to present them with a list of authorized
> > applications and approles to choose from.
> >
> > So, there is an orgperson object in an orgrole object/group.  There is an
> > orggroup object containing orgrole objects.  There is an application group
> > containing applicationrole groups.  With the current LDAP query
> > functionality, I have to place individual orgperson objects into the
> > approle groups.
> >
> > For ease of directory management, the better thing would be to put the
> > orggroup into the approle group.  Then if Tom X is replaced by Mary Y, the
> > only change that has to be made is the membership of the orgrole, not the
> > membership of the org group and 50 approles.  I would like an LDAP
> > function that recursively searches down through the group until it finds
> > all the orgperson objects and then does a match against the provided DN.
> > And I would like the LDAP directory to do the work.
> >
> > What do you think?  Is this a reasonable request that can be submitted?  I
> > know we can code this and distribute the component to our servers, but it
> > will probably be language specific.  Just seems like there ought to be an
> > LDAP solution.
> >
> > thanks for your consideration,
> > Lander
> >
> > Lander Stoddard
> > Associate Director for Strategic Planning
> >   and Information Management
> > Scientific Resources Program
> > National Center for Infectious Diseases
> > Centers for Disease Control and Prevention
> > lstoddard@cdc.gov
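
A sketch of the recursive group-membership check the original request describes, done client-side over an in-memory copy of the groups, with loop protection so a group nested inside itself cannot hang the authorization decision. This is an added example, not part of the thread or of any LDAP specification; the DNs, the `o=ph` layout and the function names are constructed for illustration, and DN comparison is simplified to case folding.

```python
# Constructed sample directory: group DN -> member DNs (people or other groups).
# All DNs are made up for illustration, following the scenario in the message.
DIRECTORY = {
    "cn=State Epidemiologist Q,ou=orgroles,o=ph": ["cn=Tom X,ou=people,o=ph"],
    "cn=All State Epidemiologists,ou=orggroups,o=ph": [
        "cn=State Epidemiologist Q,ou=orgroles,o=ph",
    ],
    "cn=Surveillance App 1 Users,ou=approles,o=ph": [
        "cn=All State Epidemiologists,ou=orggroups,o=ph",
    ],
    "cn=Lab App Admins,ou=approles,o=ph": [
        "cn=Lab App Admins,ou=approles,o=ph",  # self-reference: a loop
        "cn=Someone Else,ou=people,o=ph",
    ],
}

def norm(dn):
    """Simplified DN normalisation: lower-case, no spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def is_member(directory, group_dn, user_dn, max_groups=1000):
    """True if user_dn is a direct or nested member of group_dn."""
    groups = {norm(g): [norm(m) for m in ms] for g, ms in directory.items()}
    target, seen, stack = norm(user_dn), set(), [norm(group_dn)]
    while stack:
        current = stack.pop()
        if current in seen:
            continue  # already expanded: this is what breaks membership loops
        seen.add(current)
        if len(seen) > max_groups:
            # Fail closed instead of granting or looping on a huge nesting.
            raise RuntimeError("group nesting too large; refusing to decide")
        for member in groups.get(current, []):
            if member == target:
                return True
            if member in groups:  # member is itself a group: descend into it
                stack.append(member)
    return False

def authorized_approles(directory, user_dn, approle_base="ou=approles,o=ph"):
    """Approle groups (selected by DN suffix) that user_dn reaches via nesting."""
    return sorted(g for g in directory
                  if norm(g).endswith(norm(approle_base))
                  and is_member(directory, g, user_dn))
```

Replacing Tom X with Mary Y then means editing only the one orgrole entry; every approle that nests the orggroup follows automatically.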