[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DIT tree question

To: Torgeir Veimo <torgeir.veimo@ecomda.com>, openldap-software@OpenLDAP.org
Subject: Re: DIT tree question
From: Rob Tanner <rtanner@cheshire.onlinemac.com>
Date: Mon, 05 Feb 2001 08:14:13 -0800
Content-disposition: inline
In-reply-to: <3A7ECB69.E7F4A356@ecomda.com>

That's a significant qualifier to your previous post. I guess one question would be whose responsible for maintaining the data? If it's the customer, then you are probably much wiser to back off. Your "added value" could end up being a minus rather than a plus. Another question: if each of the ou's you referred to in your original post is a separate customer, is the data that comprises customer A's specific attributes confidential, or can customer B see it without a problem, and do you know that answer to this question in some documentable form should one or the other customer take you to court over the matter?

If these different customers are really different, and not like divisions of the same company, you probably want to set up separate servers or at least different suffixes in the DN to distinguish one entry from the other, then use ACI's to restrict access. It sounds like you only have a few attributes in common and most of the others apply uniquely to each individual customer (or is that incorrect). Why don't you separate the data into multiple servers and use a front-end data-entry application to replicate the common attributes. Or, if there can be complete sharing of the data between the customers, follow the advice in my first reply.

-- Rob

--On Monday, February 05, 2001 04:48:57 PM +0100 Torgeir Veimo <torgeir.veimo@ecomda.com> wrote:

Just to clarify; We are running directory services on behalf of
customers. Sometimes different customers have directories which
contains the same people.

We want to provide those people the added value of using a single
directory entry, as this simplifies this persons administrative task
(only update a single address when moving etc.), and the ease of
using a single sertificate and logon name and password.

If we didn't mind people having multiple entries this wouldn't be an
issue.

--
- Torgeir

      _ _ _ _           _    _ _ _ _ _
     /\_\_\_\_\        /\_\ /\_\_\_\_\_\
    /\/_/_/_/_/       /\/_/ \/_/_/_/_/_/  QUIDQUID LATINE DICTUM SIT,
   /\/_/__\/_/ __    /\/_/    /\/_/          PROFUNDUM VIDITUR
  /\/_/_/_/_/ /\_\  /\/_/    /\/_/
 /\/_/ \/_/  /\/_/_/\/_/    /\/_/         (Whatever is said in Latin
 \/_/  \/_/  \/_/_/_/_/     \/_/              appears profound)

 Rob Tanner
 McMinnville, Oregon
 rtanner@cheshire.onlinemac.com

Follow-Ups:
- Re: DIT tree question
  - From: Torgeir Veimo <torgeir.veimo@ecomda.com>

References:
- Re: DIT tree question
  - From: Torgeir Veimo <torgeir.veimo@ecomda.com>

Prev by Date: Re: DIT tree question
Next by Date: Re: DIT tree question
Index(es):
- Chronological
- Thread