
Re: ldapadd error

--On Tuesday, April 11, 2006 12:14 PM -0700 Howard Chu <hyc@symas.com> wrote:

Quanah Gibson-Mount wrote:
And as a side note, "ou" stands for Organizational Unit.  Most places
do not consider "people" one of their organizational units, and I
doubt yours does either. ;)  I would suggest using "cn".

Most sites (and graphical browsers) understand "ou" to be a generic folder and as a common usage it makes sense. I recommend against using "cn" to name everything; that negates one of the advantages of the directory naming structure. I.e., use naming attributes that are distinct and indicative of the type of object being named, so you can tell what an object is just by looking at the name, and not needing to look inside the entry. Overuse of the "cn" attribute is a common mistake in LDAP

I absolutely disagree. Using "ou" is a violation of the meaning of the attribute, and I've not had any issues with LDAP browsers using it. "ou" should never be considered a generic container, especially if you are going to be using and configuring organizations inside of an LDAP directory. Just because a bad practice has been used for a long period of time does not make it a good practice.


--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html