[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: attributes tag

Hallvard B Furuseth wrote:

jehan.procaccia writes:

$ grep attributeoptions /usr/local/openldap-2.2.20-1/etc/openldap/slapd.conf
attributeoptions x-dept-
attributeoptions lang-

dn: uid=procacci,ou=People,dc=int-evry,dc=fr
title;x-dept-crmp: advisor
title;x-dept-inf: teacher

Thanks! You may just have solved a similar problem which we have at our site:-)

Any one on this list already use that ? (tags !)

There still something which I cannot find do -> how do I search only the attribute title here ?
$ ldapsearch -x uid=procacci -h localhost title -D "cn=admin,dc=int-evry,dc=fr" -W -LLL
dn: uid=procacci,ou=People,dc=int-evry,dc=fr
title:: SW5nw6luaWV1ciBzeXN0w6htZXM=
title;x-dept-crmp: advisor
title;x-dept-inf: teacher
title;lang-us: system&network engineer

returns all attributes + sub (tagged) attributes

That would respond to my need of giving on person entry multiple title
and associate those title to a specific departementNumber/service in the
organization. However now I need to preserve a strict coherence between
my departementNumber value ("inf" for exemple) and my title attribute
option (x-dept-inf here ) !

Before I go editing hundred of users entry and code my php
interogation/modification interface to support that, do you recommend
such a solution or are there better ones ?

Solutions I can think of include:

- an attribute option as you suggest,

- an attribute 'intEvryDeptAndTitle' with values like 'inf$teacher',

I don't like that one :-( , to much complicated to maintain ...

- use the DIT's tree structure somehow, e.g. put a person entry
with title 'advisor' in a child entry of the inf dept's entry,
and another person entry for the same person with title advisor
under the crmp dept's entry.

No I want to keep my directory as flat as possible, I have everyone persone just below ou=people,dc=int-evry,dc=fr, no mater if the are from department X or Y or even if they are students or employee !

I once though about the
organizationalRole objectClass defining each and every roles in the
organization and point each person entry with the seeAlso attribute to
their roles, but again I find this a bit complicated and not easy to
maintain ...

Not sure how this ties a particular title of a person to a particular
department; is i a variant of my third alternative above?


Anyway, what is best depends on your situation.  For example:

- Do all "department numbers" fit the attribute option syntax in
RFC 2251 section 4.1.5? That is, they consist of only ASCII letters,
digits and hyphens. Also, IDs ending with '-' could be troublesome,
since this means an option range in some circumstances.

I can manage that .

- Do the clients which you support recognize 'title;x-dept-inf' as a
title attribute?

I suppose no :-(, but our personnal developpemnt could do (I have to check if php-ldap can do it ...)

 If not, you might want to include 'title: foo' values matching
 all 'title;x-dept-yyy: foo' values.

- A search for (title=teacher) will find title;x-dept-inf: teacher,
since title;x-dept-inf is a subtype of title.
Is that how it should work?

umh ... I have to be carefull indeed ! I'am not sure that what I am looking for ...

- Is your title attrbute indexed in slapd.conf? I don't know if
a search for (title;x-dept-inf=teacher) will use the index.
Unless someone else knows, I expect you can check by turning
on loglevel 8480: LDAP_DEBUG_<FILTER + STATS + INDEX>.

I'am not at preformance tunning yet .. but your right, i should check that .