Re: Groups under ldap

[mark@mjwilcox.com]

What I would do is probably use a groupOfUrls instead of storing 
the DNs of entries. The groupOfURLs object stores LDAP URLs 
instead of DNs that point to members. 
The URLs can be in the form of:
ldap://myldap.server.com/o=searchbase???(a valid filter) "My 
Company Contacts" 

You could display the information in quotes, the query the value of 
a form. When the user clicks on the choice, it launches a search 
based on that data.

You could also combine it with a tradtional groupOfUniquenames or 
groupOfnames (I think both of these already have an owner 
attribute, I know Uniquenames does) object.

I'd store the group objects under a person's entries as well, which 
someone pointed out would make it easier to manage with ACLS.


Mark






On 23 Jun 00, at 18:02, John Lederer wrote:

> We are working on a contacts directory using LDAP. (http://rolodap.sourceforge.net )
> 
> Here is the problem.  We want to allow a user to be able to switch from seeing "all company contacts" to seeing just "my contacts" or "George's contacts".
> 
> There are two ways of apporaching this.  One would be to create an attribute called "owner" , allow it to be multi-valued, and then use that to create groups, i.e. if the woener attribute contains "george" then we could search on that and return all of george's contacts.
> 
> The other way would be to create a group--"George's contacts" -- similar to a mail group and to put into the group all of George's contacts.
> 
> I am not sure that I see all the ramifications of the two approaches.  Does anyone have any comments?
> 
> John Lederer
> 
> 
>