[Date Prev][Date Next]
Re: "DIT content rule" usage patterns?
- To: Alejandro Imass <email@example.com>
- Subject: Re: "DIT content rule" usage patterns?
- From: Marco Pizzoli <firstname.lastname@example.org>
- Date: Thu, 28 Apr 2011 13:41:27 +0200
- Cc: email@example.com
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding; bh=rAXORwiUnvw4/LWjr4rhoqwpqVCZnDw85xbiWkqU4h8=; b=dzEvpvhtSgADMrTzDyyWcUBzdUyjodEuE32VtC9dRxDj6aC+c0xv+5R5JDDD1sop6t MBdaXTcd7EvDknX19uBWI291fof2Co4QYADvVqsGfD0ap0s9Rx0ouYuDtHcZSRhTuQ1i uYVZgU4jLDyj9LMFQ9ZICrRnU6yn1TGYCXxb4=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; b=I4a1HjH2GMpMvE/8uIdE//RPteyqSsNLSudJAqUjMBfIhznKY/k3NIlXcgvE+MRC9z Ps38YytmJOGvgyrFjIC7TBoe6/sDzmtZTs8+vTzwdFtPtgs4uOiDjjFp6nAe0CSJqQ2w EUkAoFhDoLhJpjAPN3rc8OPEhfPaN8cmQwWzY=
- In-reply-to: <BANLkTikcH2syKneq1XGKDiSJ_k0tZXQ69A@mail.gmail.com>
- References: <BANLkTim4zQnUk9D+AGpKv_CsDvBufhnmxw@mail.gmail.com> <BANLkTikcH2syKneq1XGKDiSJ_k0tZXQ69A@mail.gmail.com>
On Thu, Apr 28, 2011 at 1:27 PM, Alejandro Imass <firstname.lastname@example.org> wrote:
> On Thu, Apr 28, 2011 at 6:54 AM, Marco Pizzoli <email@example.com> wrote:
>> Hi list,
>> could someone point me to some resources, in particular usage
>> examples, about DIT content rules?
> The first rule is that there are no rules ;-) there are like 2 major
> patterns so to speak: the X500 organizational distribution and the
> DNS-inspired way. You can (in fact you should) mix-match your DIT
> structure with both if you want and adapt to your own needs. The is no
> one right way to do it.
> Many people under-use LDAP. For us LDAP is used for slow-mutating
> hierarchical information that needs to be centralized, hence the term
> "directory" is precisely what you should use LDAP for. The data
> _should_ be organized in complex hierarchical form and not in the
> stupid People, Computers, etc. hierarchy imposed by stupid pseudo-LDAP
> technologies such as MS AD, and sorry to say that Samba follows the
> same mistakes. LDAP is for _a lot_ more that just a flat structure of
> People and Computers, it is designed to be hierarchically complex,
> reflecting the true nature of your organization. In the end, this will
> just translate to LDAP queries which you can easily simplify by
> working with attributes in the correct way, so no worries about how
> complex the DIT is.
> With complex hierarchies you can then even take all your user tables
> OUT of the SQLs and do some interesting querying and integration with
> your SQL stuff via the lesser known operational attribute called
> entryUUID (defined in RFC4530). Yeap, that's right there _is in fact_
> a logical primary key in LDAP.
> I did some pretty interesting work in Venezuela last year through our
> partner company Corcaribe Tecnología C.A. and wrote a paper that
> explains all this in detail... BUT the doc is in Spanish. I am
> attaching the PDF here in case it's of any use to you and/or anyone
> would care to translate and post a how-to or on a Wiki somewhere. I
> have the original OpenOffice doc and the drawing in Inkscape SVG if
> anyone would like to derive some more formal work,
> Alejandro Imass
thanks for your answer.
I hadn't talked about "DIT Structure Rules", but "DIT Content Rule".
In particular I was referring to the usage of the "ditcontentrule"
directive in slapd.conf.