[Date Prev][Date Next] [Chronological] [Thread] [Top]

How do you JOIN with LDAP?

I'm having the following simple problem: I have an unstructured set
of objects (persons in my case), which I need to structure in
multiple tree structures (locations, org structures and login
structures in my case, for example). Also, I need to be able to
move objects within each structure (relocate a person object from
one department to another) without changing the primary key
of that object, so that I can create proper diffs between several
generations of my object set.

Coming from an SQL background, I would have created an object
table (an unstructured pool of objects) and multiple tables,
each implementing a tree structure as needed. I would have then
joined the appropropriate structure table with the unstructured
pool to create the requested tree structure. Also, I would have
been able to move a person within a tree without changing that
persons PK in the pool table, ever.

In filesystem terms, I would have created a single pool directory,
storing each objects data in a file. I would have then created
several parallel subdirectory trees, each of which I would populate
with Symlinks to the actual data files as needed. I would be able
to add and remove symlinks to the actual data file without changing
a data files name, ever. Each tree is in fact some kind of
precalculated join.

As I am new to LDAP, I was looking for the equivalent of the JOIN
operation in the LDAP query language first, but that particular
primitive seems to be missing (selection and projection primitives
are present, though). So I was resorting to precalculated joins
filesystem style to solve my problems, but it seems that the
LDAP equivalent of Symlinks is extremely badly supported in client
software, that is, applications such as Netscape cannot handle
address books which consist of links to the actual persons DN's.

I am now giving up - what is the proper way to solve my problem
in LDAP? I would have thought that this particular problem is
not so uncommon, after all, and some of you must have experienced
similar problems as I before.

Also, how to you formulate implement such as "a persons employee
number must be numeric and be between 10000 and 99999" (simple
row constraint) or "a persons employee id cannot be in two 
departments simultaneously" (constraint across all rows of a table)
or "a manager persons can only have subordinate employee ids which 
actually exist" (foreign key relationship) in LDAP database 


Kristian Köhntopp, NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany, +49 431 386 436 00
Using PHP3? See our web development library at
http://phplib.netuse.de/ (We have moved! Update your bookmarks!)