
Re: ldap newbie



On Thu, 2002-10-10 at 11:47, Adam Williams wrote:
> 
> IMHO, all schemas should base themselves on the standard schemas,
> wherever possible.  One of the points of LDAP is interoperability.  The
> core schema are actually quite complete.
I'm not sure what you mean by interoperability... I am hoping to
complete this directory and then point a tacacs+ server at it to handle
a lot of authentication... Most likely nothing except for the tacacs
server and the net admins will ever access the directory directly.
If you are telling me that tacacs won't be able to understand my
"home-brewed" schema, then please tell me b/c I will go back and rework
the directory... on the other hand, if you mean that Outlook clients
won't be able to use it as an address book, I'm not so worried.

> 
> >> attributetype ( jctAttrib:0 NAME ( 'jctFullName' $ 'jctFN' )
> >>         DESC 'Full Name Associated with a Person'
> >>         EQUALITY caseIgnoreMatch
> >>         SUBSTR caseIgnoreSubstringsMatch
> >>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{32768}
> 
> Isn't this exactly what the "cn" attribute is?  Why not use "cn"?
It's true that I probably took this from the cn attribute definition, but
the names given to attributes are at best non-descriptive...

Even if I used the full attribute name instead of the abbreviation, I
will still have to explain to all my superiors (who will only learn LDAP
after the experimentation stage has been completed) what common name
means; an attribute FullName, on the other hand, is readily
understandable.

> Also, I don't understand "NAME ( 'jctFullName' $ 'jctFN' )"  I'm pretty
> certain the "$" is incorrect,  you just want a white space delimited
> list.

I took this syntax from the OpenLDAP documentation:
http://www.openldap.org/doc/admin20/schema.html#Extending%20Schema
QUOTE:===============================================
attributeType ( 2.5.4.3 NAME
                ( 'cn' $ 'commonName' ) SUP name )
=====================================================
If you are correct, it is just another example of the poor documentation,
IMHO.

> 
> >> attributetype ( jctAttrib:1 NAME ( 'jctMisparZehut' $ 'jctTZ' )
> >>         DESC 'Identification Number associated with a person'
> >>         EQUALITY numericStringMatch
> >>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{32768}
> >>         SINGLE-VALUE
> >>)
Maybe those would work, but the meaning here is a government-provided ID
number (like a social security number in the USA). Once again, the text
name I used is much more user friendly.

> Why no uidNumber, or x500UniqueIdentifier, or uniqueIdentifier;
> whichever is most appropriate.
> 
> >>the error a schema like this produced was:
> >>jct.schema:  line 27: Expecting a name before 'jctFN' ) DESC 
> >>'Full Name Associated with a Person' EQUALITY caseIgnoreMatch SUBSTR 
> >>caseIgnoreSubstringsMatch	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{32768}
> >>AttributeTypeDescription = ....
> 
> Remove the dollar sign.
Thank you. I appreciate all the input I can get. 
yonah
> 
> -- 
> ----------------------------------------------------------------
> This message undoubtedly processed by the purely benevolent "US
> Department of Homeland Security",  but don't worry... their
> only goal is to protect life, liberty and the pursuit of property.
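
Added example, not part of the original messages: in the RFC 2252 schema grammar the NAME list is a whitespace-separated run of quoted descriptors, while `$` separates the OID lists after MUST and MAY. This Python sketch flags and rewrites only the NAME lists; the objectclass in the sample and both function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the definitions quoted in the thread.
# The objectclass (jctObject:0 / jctPerson) is hypothetical.
SAMPLE = """\
attributetype ( jctAttrib:0 NAME ( 'jctFullName' $ 'jctFN' )
        DESC 'Full Name Associated with a Person'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{32768} )

objectclass ( jctObject:0 NAME 'jctPerson' SUP top STRUCTURAL
        MUST ( jctFullName $ jctMisparZehut ) )
"""

# NAME followed by a parenthesised list of quoted descriptors.
# A single-valued NAME 'x' has no parentheses and is never matched.
NAME_LIST = re.compile(r"\bNAME\s*\(([^)]*)\)")
QUOTED = re.compile(r"'([^']*)'")


def _rebuild(body):
    """Rebuild a NAME list with whitespace as the only separator."""
    return "NAME ( " + " ".join(f"'{n}'" for n in QUOTED.findall(body)) + " )"


def lint_name_lists(schema_text):
    """Return (line_number, original, corrected) for each NAME list using '$'."""
    findings = []
    for m in NAME_LIST.finditer(schema_text):
        if "$" in m.group(1):
            line_no = schema_text.count("\n", 0, m.start()) + 1
            findings.append((line_no, m.group(0), _rebuild(m.group(1))))
    return findings


def fix_name_lists(schema_text):
    """Rewrite offending NAME lists; MUST/MAY lists keep their '$' separators."""
    return NAME_LIST.sub(
        lambda m: _rebuild(m.group(1)) if "$" in m.group(1) else m.group(0),
        schema_text,
    )


if __name__ == "__main__":
    for line_no, bad, good in lint_name_lists(SAMPLE):
        print(f"line {line_no}: {bad}  ->  {good}")
```
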