[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: attributes tag



jehan.procaccia writes:
> $ grep attributeoptions /usr/local/openldap-2.2.20-1/etc/openldap/slapd.conf
> attributeoptions x-dept-
> attributeoptions lang-
> (..)
>
> dn: uid=procacci,ou=People,dc=int-evry,dc=fr
> title;x-dept-crmp: advisor
> title;x-dept-inf: teacher
> (...)

Thanks!  You may just have solved a similar problem which we have at our
site:-)

> That would respond to my need of giving on person entry multiple title
> and associate those title to a specific departementNumber/service in the
> organization. However now I need to preserve a strict coherence between
> my departementNumber value ("inf" for exemple) and my title attribute
> option (x-dept-inf here ) !
>
> Before I go editing hundred of users entry and code my php
> interogation/modification interface to support that, do you recommend
> such a solution or are there better ones ?

Solutions I can think of include:

- an attribute option as you suggest,

- an attribute 'intEvryDeptAndTitle' with values like 'inf$teacher',

- use the DIT's tree structure somehow, e.g. put a person entry
  with title 'advisor' in a child entry of the inf dept's entry,
  and another person entry for the same person with title advisor
  under the crmp dept's entry.

> I once though about the
> organizationalRole objectClass defining  each and every roles in the
> organization and point each person entry with the seeAlso attribute to
> their roles, but again I find this a bit complicated and not easy to
> maintain ...

Not sure how this ties a particular title of a person to a particular
department; is i a variant of my third alternative above?

Anyway, what is best depends on your situation.  For example:

- Do all "department numbers" fit the attribute option syntax in
  RFC 2251 section 4.1.5?  That is, they consist of only ASCII letters,
  digits and hyphens.  Also, IDs ending with '-' could be troublesome,
  since this means an option range in some circumstances.

- Do the clients which you support recognize 'title;x-dept-inf' as a
  title attribute?

  If not, you might want to include 'title: foo' values matching
  all 'title;x-dept-yyy: foo' values.

- A search for (title=teacher) will find title;x-dept-inf: teacher,
  since title;x-dept-inf is a subtype of title.
  Is that how it should work?

- Is your title attrbute indexed in slapd.conf?  I don't know if
  a search for (title;x-dept-inf=teacher) will use the index.
  Unless someone else knows, I expect you can check by turning
  on loglevel 8480: LDAP_DEBUG_<FILTER + STATS + INDEX>.

-- 
Hallvard