Menu
▾
▴
Re: uid's associated with a particular orgranizational unit
|
From: Tom J. <tj...@do...> - 2000-12-15 01:36:08
|
You're trading off flexibility for one, ability to respond to change for another... Suppose said student is also an employee. Do you create a duplicate entry under ou=staff? Do you trust your vendor's implementation of aliases (or your clients' ability to interpret aliases)? What if you issued the user a certificate with a subject under the ou=students OU? If the person changes roles, do you need to invalidate the cert and issue a new one just because they changed roles? Basing a tree structure on roles seems like a mistake to me, as it seems that people will always occupy multiple roles and LDAP/X.500 have always been bad at dealing with multiple inheritances. --Tom On Thu, 14 Dec 2000, Daryl Campbell wrote: > > Mark, > > >I use all 3. > >1 -- for mass groupings (ie , only students can see this site, or only faculty). > > So your students are entries of ou=People and have attribute ou=student. > > What are you trading off in comparison to a student dn of > > dn: uid=joestudent,ou=Student,ou=People,dc=unt,dc=edu > > ? > > -- > Daryl Campbell The magician tried to blame it on the rabbit, > Athabasca University pulled her out of the hat couldn't make her disappear > (780) 675 6379 ...never more blind than when looking at ourselves > daryl@N.O.spam.athabascau.ca Bob Kemmis, Kemmisutra > |
