[Date Prev][Date Next]
Re: How to use group to contain entities?
At 04:17 PM 1/6/01 +0800, email@example.com wrote:
>I am doing my final year project, developing an organization model with each person playing multiple roles. Therefore , I would like to use "group" to represent multiple roles, like Managers, Clerks.
>However, I come across serveral problems.
>A. "objectclass: groupOfUniqueNames"
> "uniquemember: cn=Manon Goo, ou=People, o=MG, c=DE"
The Group Of Unique Names object class is used to define entries representing an
unordered set of names whose integrity can be assured and which represent
individual objects or other groups of names.
The Unique Member attribute type specifies a group of unique names associated
with an object. A unique name is a name that is optionally disambiguated by
the inclusion of its unique identifier. An attribute value for Unique Member is
a distinguished name accompanied by an optional unique identifier.
>B. "objectclass: groupofNames"
> "member: cn=fred blogs,dc=example,dc=com" ?
The Group Of Names object class is used to define entries representing an
unordered set of names which represent individual objects or other
groups of names.
The Member attribute type specifies a group of names associated with the
object. An attribute value for Member is a distinguished name.
>1. what are the differences
"whose integrity can be assured". That is, the client should
assure that names placed within a group of unique names have
Depending on the nature of the application, either (or both)
could be used.
>2. Can a group contain a member under itself ? For example, Officers is a subtree of Mangers.
> "dn: ou=Managers,dc=example,dc=com"
> "objectclass: groupofNames"
> "member: ou=Officers,ou=Managers,dc=example,dc=com"?
It can contain it. Whether or not the application recurses
to obtain indirect members is up to the application.
>3. During the searching the group, will each member of group automatically be searched?
No. If the search matches the group, the group itself is returned.
What the application does with the group is up to application.
Note that LDAP has no database join operation. That is, there is
not a single operation which returns the set of members of a group.
Applications must read (search) the group to obtain a set of members,
then read each of member. If a member is itself a group, it's up
to the application to recurse as desired.