Re: A dumb question, but my brain is stuck :)

[Tony Earnshaw <tonni@billy.demon.nl>]

ons, 2003-02-05 kl. 15:13 skrev Ron Hall:
> 	
> 	I'm fairly sure the answer is no, but I'll ask the question 
> 	anyway. 
> 
> 	We've an esatblished Directory with dn of the from
> 
> 	dn: cn= title last/first, ou=Dept,o=McGill,c=ca
> 
> 	I would now like to construct dns of the from
> 
> 	dn: id=#####,ou=Students,o=McGill,c=a
> 
> 	Can I do this or once I've bounght into a dn structure
> 	it's mine to keep. I suspect yes (actually deep down in 
> 	my heart I know it's so, but my mind says 'why not!').
> 
> 	Please help the the permafrost that is covering my cognitive
> 	abilities....:)

To my mind, once you've establishe the suffix o=McGill,c=ca, you can do
what you like with the rest of the RDNs. However, you'd do best to
structure them in a disciplined fashion, otherwise your clients' search
routines are going to have to make all kinds of exceptions and you could
find some clients that just couldn't cope. Authentication is an example
- a client could have to authenticate with a CN the one time, then a
UID, etc. etc. No problem if you write your own clients, nor if you use
pam_ldap (the latter because someone else will authenticate for you) but
a problem for out-of-the box clients.

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl