[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap newbie

To: openldap <openldap-software@OpenLDAP.org>
Subject: Re: ldap newbie
From: Yonah Russ <yonah@jct.ac.il>
Date: 13 Oct 2002 09:56:53 +0200
In-reply-to: <20021010173327.GL2039@brick.skills-1st.co.uk>
References: <1034166480.27638.132.camel@p-yonah> <1034178823.27655.159.camel@p-yonah> <1034243257.29763.16.camel@estate1.whitemice.org> <1034251157.27638.243.camel@p-yonah> <20021010173327.GL2039@brick.skills-1st.co.uk>

On Thu, 2002-10-10 at 19:33, Andrew Findlay wrote:
> On Thu, Oct 10, 2002 at 01:59:16PM +0200, Yonah Russ wrote:
> 
> > even if I used the full attribute name instead of the abbreviation, I
> > will still have to explain to all my superiors (who will only learn LDAP
> > after the experimentation stage has been completed) what common name
> > means- an attribute FullName, on the other hand is readily
> > understandable.
> 
> There is a simple answer to that one: don't expose the internal
> attribute names to the users. LDAP has suffered over the years from
> having attribute names appear in the protocol that are almost
> meaningful enough to be displayed - the result is that they often
> *are* displayed. You would not think of displaying the OID for an
> attribute on a user interface (or document) intended for non-technical
> people, and attribute names should be treated similarly. It is very
> easy to provide a lookup table to convert to more understandable
> strings - that allows you to provide multi-lingual user interfaces
> too.
True, and if I were Micro$oft, I would do that and I would invest $$$ in
writing an interface to the directory, update the interface when the
directory changes, worry about the security of the interface as well as
the security of the directory... 

I work for a growing university which is becoming inefficient using old
methods to manage the growing number of users and services across
several campuses, which used to be one.

If I'm going to have to do all the upkeep of maintaining an interface, I
might as well stick with NIS and all the account creation scripts that
have been created and used for user management here for 10+ years. On
the other hand, if I take time now to make the low level directory
structure meaningful, I'll be able to use a simple low level ldap
browser to add entries, delete entries, edit entries, and someone else
is maintaining the interface for me.
JMHO
yonah

> Andrew
> -- 
> -----------------------------------------------------------------------
> |                 From Andrew Findlay, Skills 1st Ltd                 |
> | Consultant in large-scale systems, networks, and directory services |
> |     http://www.skills-1st.co.uk/                +44 1628 782565     |
> -----------------------------------------------------------------------

Follow-Ups:
- Re: ldap newbie
  - From: Adam Williams <awilliam@whitemice.org>

References:
- ldap newbie
  - From: Yonah Russ <yonah@jct.ac.il>
- Re: ldap newbie
  - From: Yonah Russ <yonah@jct.ac.il>
- Re: ldap newbie
  - From: Adam Williams <awilliam@whitemice.org>
- Re: ldap newbie
  - From: Yonah Russ <yonah@jct.ac.il>
- Re: ldap newbie
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

Prev by Date: Re: Please clear basic doubts
Next by Date: Log file location
Index(es):
- Chronological
- Thread