[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: logic of physicalDeliveryOfficeName -> dn describing it

To: dannyman <dannyman@toldme.com>
Subject: Re: logic of physicalDeliveryOfficeName -> dn describing it
From: Michael Ströder <michael@stroeder.com>
Date: Fri, 01 Jun 2001 13:32:37 +0200
Cc: openldap-software@OpenLDAP.org
Organization: stroeder.com
References: <20010531153531.V20416@dell.dannyland.org>

dannyman wrote:
> 
> ou=Mstaff
>  ou=Platform Engineering
>   ou=Network Operations
>    ou=Enterprize Servers
> 
> My instinct here was just to give people multiple ou attributes that
> related to their ou hierarchy, but say I wanted to be able to grok the
> ou hierarchy itself ...

It is not possible to preserve the hierarchy with a multi-valued
attribute since unfortunately LDAP standard defines it to be
returned as SET (unordered list) instead of a SEQUENCE. Although
most LDAP servers seem to return the same order your LDAP
application must not rely on this.

> Right now, I'm just doing uid=foo,ou=People,cn=domain,cn=com for all of
> my users.  I like the flat structure here, as I can enforce unique UIDs
> across my enterprize, and because we like to reorg every few months
> anyway. :)

IMHO you should not try to represent your organizational structure
in the DIT for the very reason you mentioned: reorging all the time.

If you try to extract the organigram from your LDAP repository I'd
suggest that you try to write an application which has knowledge
about the tree structure of your ou's and does sub-tree searches to
gather the persons belonging to that ou.

Ciao, Michael.

Prev by Date: Re: openldap patches
Next by Date: Problems coding password handling in PERL
Index(es):
- Chronological
- Thread