[Date Prev][Date Next]
Re: access control
Quanah Gibson-Mount wrote:
--On December 5, 2007 1:41:49 PM -0500 Nathan Nobbe
i have not read any material on ideal directory layout. can you refer me
resource? the design i have created is based only on intuition. that,
and the schema
reference available in phpLdapAdmin. truth be told, ive found the
the openldap administration guide only marginally helpful. at least i
havent seen much
in there about ldap itself; the guide seems to presume preexisting
knowledge of ldap;
of which mine is scant :)
Well, there's not hard rule. The general principal is, as flat as
possible, as deep as necessary. The problem of course is compounded
that bad design decisions at the beginning can haunt you for years. ;)
if i were to have a tree for organizationalUnit objects and another for
objects, what would the ideal root objectClass of those trees?
The root objectClass of a tree really does not have to pertain to the
objects contained in that tree. I tend to make my branch roots fairly
In answer to your question, however, you may find that using sets helps
with some of what you want to do.
what are sets in the context of ldap?
That's an excellent question. Some day they'll be documented,
I don't even have a section placeholder for that yet or even one
dedicated to ACLs...hmmm...
OpenLDAP Engineering Team.
Community developed LDAP software.