Re: ldapadd error
Quanah Gibson-Mount wrote:
> > Most sites (and graphical browsers) understand "ou" to be a generic
> > folder and as a common usage it makes sense. I recommend against using
> > "cn" to name everything; that negates one of the advantages of the
> > directory naming structure. I.e., use naming attributes that are
> > and indicative of the type of object being named, so you can tell
> > object is just by looking at the name, and not needing to look inside
> > entry. Overuse of the "cn" attribute is a common mistake in LDAP
>
> I absolutely disagree. Using "ou" is a violation of the meaning of
> the attribute, and I've not had any issues with LDAP browsers using
> it. "ou" should never be considered a generic container, especially
> if you are going to be using and configuration organizations inside of
> an LDAP directory. Just because a bad practice has been used for a
> long period of time does not make it a good practice.

This discussion probably belongs on the general LDAP list.
1) the main point is that overusing/misusing "cn" is bad.
2) we both agree that misusing attributes (outside their designated
purpose) is bad.
3) in practice, political structures are not well suited to a
hierarchical directory structure. If you're going to talk about bad
practices, start there. Once you recognize that "organization" and org
charts make no sense in the directory space, you see that the political
meaning of "organizational unit" is useless and it's just a "unit" as in
"an atom for organizing information."
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/