Re: MacOS X logins very, very slow or failing with Openldap 2.1.23...

On 26 Nov 2003, at 09:05, Everette Gray Allen wrote:
From this it looks like our folks are being too strict in their analysis. In our world however we do form uids based on a known formula which involves the user's initials, part of their last name, and adds a sequential number in case of dups. Still if we did not expose cn then there would be no way to get a name from the id for sure.

We allow users to choose their initial ID and also allow them to change it. If, for instance, their ID is too close to their name, when they decide to hide their name they can also change their ID to something more obscure.

Seems reasonable if you are going to use the same database with more secure access for other purposes. Is the FERPA flag restriction enforced by access rules under slapd or some other mechanism when loading the data into the LDAP server?

We trigger ACLs on the LDAP server based on the value of FERPA.
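
A slapd.conf sketch of ACLs keyed on a FERPA value, added here as an illustration and not the poster's actual configuration. The attribute name `ferpa`, its value `TRUE`, the `dc=example,dc=edu` suffix and the registrar group are all assumptions.

```conf
# Hypothetical names throughout: attribute "ferpa", suffix dc=example,dc=edu,
# group cn=registrar. Syntax follows slapd.access(5).
#
# slapd checks "access to" clauses in order and applies the first one whose
# <what> part matches the entry and attribute, so the restrictive clauses
# must come before the general one.

# 1. Entries carrying the FERPA flag: name attributes are visible only to
#    the user and to the registrar group. A uid that is not derived from
#    the name then cannot be mapped back to a person by other clients.
access to dn.subtree="ou=People,dc=example,dc=edu"
        filter="(ferpa=TRUE)"
        attrs=cn,sn,givenName,displayName
        by self read
        by group.exact="cn=registrar,ou=Groups,dc=example,dc=edu" read
        by * none

# 2. The flag itself: readable by its owner, writable only by the registrar
#    group (assumption: users change it through a separate process).
#    Denying everyone else also stops clients from searching on the flag
#    to enumerate protected entries.
access to attrs=ferpa
        by self read
        by group.exact="cn=registrar,ou=Groups,dc=example,dc=edu" write
        by * none

# 3. Everything else keeps ordinary directory visibility.
access to *
        by * read
```

With rules like these, attributes left out of clause 1 (for example uid or mail) stay readable under clause 3 even on flagged entries, so the attribute list has to cover every field that reveals the name.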