Re: A person in multiple ou's.



Jason wrote:

> Hello,
>
> I'm setting up a directory where there are multiple
> organizationalunit's.  Some people belong to more than one ou.  Is there
> a standard way to add one person to multiple ou's without adding them to
> each ou individually?  Or should I be rethinking my setup?
>
> Thanks.
> Jason
>
> (sorry if off topic or faq)

Hi Jason,

      I have to ask what the OU is used for?

1: access control.  perhaps groups are better.

2: locating a person, the ou a person is in is not searchable.

3: organisational structure indication. People are not structured, Roles
are structured. If roles are for access control then use groups for the
roles.

A point: if you want to use ou in a search filter then the searchable ou
values have to be mentioned as part of the objects you wish to locate. e.g.
a person has an ou attribute, this attribute can have any number of values
and bears absolutely no relation to the position of the object in the ldap
service and need not be reflected in the person object dn.

Personally, for people objects, ou's are of no significance. For role
management they can be used to group together related role groups.

My $0.02 worth.
Cheers,
    Gerrit Thomson.
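
The two points in the reply above (an equality filter on ou matches attribute values stored on the entry, not the entry's position in the tree, and access control is better expressed as group membership) can be seen in a small in-memory model. This is an added example, not part of the original post; the DNs, the group name and the helper functions `search_eq` and `is_member` are constructed for illustration.

```python
# Constructed sample directory: every DN, name and value here is illustrative.
JDOE = "uid=jdoe,ou=People,dc=example,dc=com"
ASMITH = "uid=asmith,ou=People,dc=example,dc=com"
SALES_ADMINS = "cn=sales-admins,ou=Roles,dc=example,dc=com"

DIRECTORY = {
    "ou=People,dc=example,dc=com": {
        "objectClass": ["organizationalUnit"], "ou": ["People"]},
    JDOE: {
        "objectClass": ["inetOrgPerson"], "uid": ["jdoe"],
        "ou": ["Sales", "Engineering"]},   # multi-valued, unrelated to the DN
    ASMITH: {
        "objectClass": ["inetOrgPerson"], "uid": ["asmith"]},  # no ou attribute
    SALES_ADMINS: {
        "objectClass": ["groupOfNames"], "cn": ["sales-admins"],
        "member": [JDOE]},
}


def search_eq(attr, value, object_class=None):
    """Emulate an equality filter such as (&(objectClass=X)(attr=value)).

    Only values stored on the entry are compared (case-insensitively);
    the components of the entry's DN are never consulted.
    """
    hits = []
    for dn, attrs in DIRECTORY.items():
        classes = [c.lower() for c in attrs.get("objectClass", [])]
        if object_class and object_class.lower() not in classes:
            continue
        if value.lower() in (v.lower() for v in attrs.get(attr, [])):
            hits.append(dn)
    return sorted(hits)


def is_member(group_dn, user_dn):
    """Decide access by group membership, not by where the entry sits.

    DN comparison is simplified to a case-insensitive string match.
    """
    members = DIRECTORY.get(group_dn, {}).get("member", [])
    return user_dn.lower() in (m.lower() for m in members)
```

Both people sit under ou=People, yet a person search for ou=People returns nothing, while jdoe is found under either of the ou values stored on the entry.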