[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to use group to contain entities?

To: <eg_ymc@stu.ust.hk>
Subject: Re: How to use group to contain entities?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sat, 06 Jan 2001 08:22:09 -0800
Cc: openldap-general@OpenLDAP.org
In-reply-to: <200101060817.QAA11640@webmailc.ust.hk>

At 04:17 PM 1/6/01 +0800, eg_ymc@stu.ust.hk wrote:
>I am doing my final year project, developing an organization model with each person playing multiple roles. Therefore , I would like to use "group" to represent multiple roles, like Managers, Clerks.
>
>However, I come across serveral problems. 
>  
>A. "objectclass: groupOfUniqueNames" 
>    "uniquemember: cn=Manon Goo, ou=People, o=MG, c=DE"

X.521:
  The Group Of Unique Names object class is used to define entries representing an
  unordered set of   names whose integrity can be assured and which represent
  individual objects or other groups of names.

  The Unique Member attribute type specifies a group of unique names associated
  with an object. A unique name is a name that is optionally disambiguated by
  the inclusion of its unique identifier.  An attribute value for Unique Member is
  a distinguished name accompanied by an optional unique identifier. 

>B. "objectclass: groupofNames" 
>    "member: cn=fred blogs,dc=example,dc=com"    ?

   The Group Of Names object class is used to define entries representing an
  unordered set of names which represent individual objects or other
  groups of names. 

  The Member attribute type specifies a group of names associated with the
  object.  An attribute value for Member is a distinguished name. 

>1. what are the differences

"whose integrity can be assured".  That is, the client should
assure that names placed within a group of unique names have
integrity.

Depending on the nature of the application, either (or both)
could be used.

>2. Can a group contain a member under itself ? For example, Officers is a subtree of Mangers.
>       "dn: ou=Managers,dc=example,dc=com" 
>       "objectclass: groupofNames" 
>       "member: ou=Officers,ou=Managers,dc=example,dc=com"?

It can contain it.  Whether or not the application recurses
to obtain indirect members is up to the application.

>3. During  the searching the group, will each member of group automatically be searched?

No.  If the search matches the group, the group itself is returned.
What the application does with the group is up to application.

Note that LDAP has no database join operation.  That is, there is
not a single operation which returns the set of members of a group.
Applications must read (search) the group to obtain a set of members,
then read each of member.  If a member is itself a group, it's up
to the application to recurse as desired.

References:
- How to use group to contain entities?
  - From: <eg_ymc@stu.ust.hk>

Prev by Date: Question about search data
Next by Date: Re: Question about search data
Index(es):
- Chronological
- Thread