[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Schema



On Wed, Apr 06, 2005 at 09:49:56PM -0400, Matt Juszczak wrote:

> How does openldap behave if you use all the fields in a schema (such as 
> sn) for some users, but others, sn is left blank (or just not set).  Does 
> this create a problem, or is that theoretically a good feature of openldap 
> and I wont run into problems doing something like that?

It depends on what objectClass you assign to the 'user' entries. If you
base them on one of the 'person' classes, then sn is mandatory, but if
you write your own structural objectclass then it is up to you what to
require. I normally base entries for real people on the inetOrgPerson
class and add my own auxiliary classes to permit other attributes as
needed. For 'users' that are not people (system accounts etc) it may be
useful to start with organizationalRole.

There is more information on schema design here:

	http://www.skills-1st.co.uk/papers/ldap-schema-design-feb-2005/index.html

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------