
Re: Schema design - multiple structural objectclasses



> This leads me to the conclusion that a single entry per person would be a
> good idea from the management point of view, using all of the above
> objectclasses concatenated together. I plan to use access control to give
> alternative "views" of the same data
>
I agree, if you need only one account per person. See:
http://www.openldap.org/lists/openldap-general/200001/msg00043.html
for an idea if you need multiple accounts per person.

> However, this seems to go against the recommendations in Howes, Smith, &
> Good's excellent (but weighty) book. I don't really understand why multiple
> structural objectclasses in an entry aren't a good idea. Anyone care to
> comment?
see:
http://www.openldap.org/lists/openldap-software/200001/msg00075.html

I think "posixAccount" is an auxiliary class, while "account" is definitely
structural. If you add posixAccount only (i.e. not "account") as an additional
objectclass on your person entries, that should allow you to use the
attributes you need, without breaking the "one structural objectclass" rule.
At least that's what I've done and (so far) it seems OK. The real test will
be upgrading to OpenLDAP V2 I guess.

> Is my "smash it all together" design going to haunt me in future?
If it does, you won't be alone :-)
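
The "one structural objectclass" rule discussed in this message, as an added example that is not part of the original post or of OpenLDAP: a checker that takes an entry's objectClass values and reports whether all structural classes lie on a single superior chain. The function names are hypothetical, and the small schema table is an assumption built from the standard definitions of these classes (RFC 4519, RFC 2798, RFC 4524, RFC 2307).

```python
# Added example: schema table (kind, superior) for the classes named in the
# thread, taken from the standard schema definitions. Keys are lower-cased
# because objectClass names are case-insensitive.
SCHEMA = {
    "top": ("abstract", None),
    "person": ("structural", "top"),
    "organizationalperson": ("structural", "person"),
    "inetorgperson": ("structural", "organizationalperson"),
    "account": ("structural", "top"),
    "posixaccount": ("auxiliary", "top"),
    "shadowaccount": ("auxiliary", "top"),
}


def superiors(oc):
    """Return oc followed by all of its superior classes, up to top."""
    chain = []
    while oc is not None:
        chain.append(oc)
        oc = SCHEMA[oc][1]
    return chain


def check_entry(object_classes):
    """Return (ok, message) for the single-structural-chain rule."""
    names = [oc.lower() for oc in object_classes]
    unknown = [oc for oc in names if oc not in SCHEMA]
    if unknown:
        return False, "unknown objectClass: " + ", ".join(unknown)
    structural = [oc for oc in names if SCHEMA[oc][0] == "structural"]
    if not structural:
        return False, "no structural objectClass"
    # The most specific structural class is the one with the longest chain;
    # every other structural class must be one of its superiors.
    leaf = max(structural, key=lambda oc: len(superiors(oc)))
    outside = [oc for oc in structural if oc not in superiors(leaf)]
    if outside:
        return False, f"{', '.join(outside)} not in the superior chain of {leaf}"
    return True, "structural class: " + leaf


if __name__ == "__main__":
    # Constructed sample entries: person entry plus posixAccount only,
    # and the same entry with "account" added as well.
    print(check_entry(["top", "person", "organizationalPerson",
                       "inetOrgPerson", "posixAccount"]))
    print(check_entry(["top", "person", "account", "posixAccount"]))
```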