Thanks Andy, that's very helpful. I will need to think more about it but it looks as if our first responses to the idea of using AD for this purpose were correct.
Regards Malcolm > -----Original Message----- > From: Andy Grafton [SMTP:[EMAIL PROTECTED]] > Sent: Wednesday, October 09, 2002 4:59 PM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] AD for Reference data > > Malcolm we are trying something a little bit similar for a customer. > > One of the things you should check out is whether the attributes which can > be assigned to structural elements (e.g. containers/OUs) will satisfy your > needs using any out-of-the-box AD features you want to use. > > You can extend the schema to include pretty much what you like for an > object, but then you need to write software to take advantage of that. > > As a simple example, an OU can't have an email address without a > workaround. > This might seem like a really dumb thing to say, but it can become an > issue > with structures : in order to send mail to all mail-enabled elements > within > an OU, you need a distribution list/group of some sort containing those > recipients. This means that [in essence] you have an OU defining a > structure and a separate structure defining your lines of communication. > > Another problem with using AD as a resource database comes when defining > relationships between hierarchy legs or other parts of the trees. It is > very well designed for management of computer systems using a normal corp. > structure, but isn't so well designed for easily generating multiple views > of the same data tree for other applications. An example of this might be > that BBC1 Scotland and BBC1 North share a resource. This has to be parked > in one place in the tree, so you have to either a) make some fancy > workaround system for making an "alias" in both containers or b) make a > separate place where resources shared by the 2 containers sits. > > In some circumstances, it would be great to be able to make a "shortcut" > to > a centrally located resource, which can sit in more than one place in the > tree. > > Bothering me particularly is: > > > We need to be able to relate Persons in Departments to Systems > > and Ref data items over which they have control. From all of this > > we need to be able to disseminate to user systems as quickly as > > possible any changes that are made to reference data items. > > With AD you can set a Person's authority over Systems and Ref data items, > and you can retrieve that info (or make a test against an object using AD, > or control it with AD). This means that you could work out what needs > distributing where and who can alter what, but the process of > dissemination > will be the tricky bit. > > I don't know if that helps, as I'm not totally clear about your > application. > Are there other software products which perform a similar function, with > which we could compare AD's core functionality? > > AD is a great directory tool, but if you start to make too many too many > select and replace statements in LDAP, a more conventional relational > database (SQL-style?) starts to look like a good idea. > > All the best, > > Andy > > > > > ----- Original Message ----- > From: "Malcolm Dodwell" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, October 09, 2002 12:03 PM > Subject: [ActiveDir] AD for Reference data > > > > I know only a little about AD and my question is probably more general > than > > is usual on this list so I'm not sure it is the right place to ask it. > > However... > > It has been suggested that AD might be used as a vehicle to implement a > > Reference Data Management application. > > In ERD terms we have hierachies and networks of entities. For example we > > have a list of all Reference Data concepts e.g. Channel, Service, > Outlet, > > Platform - effectively a list of all the entities deemed to be reference > > data. Each item in the list has a number of attributes (quite separate > from > > the Entity attributes themselves). Selecting a concept then takes you to > the > > next level of the hierarchy e.g selecting Channel takes you to the > Service > > entity which holds values such as BBC1 BBC2 BBC4, BBC Choice etc, each > of > > which has attributes. Selecting one of these then takes you to the > Outlet > > entity which holds values such as BBC1 North, BBC1 Scotland etc. each of > > which has attributes. This can continue again through several levels of > > hierarchy. > > There can be relationships between different legs of the hierarchies. > For > > example, another part of the reference data is a set of Systems each of > > which is related as a user of reference items. We need to keep a record > of > > which systems use which items of reference data (e.g. which systems use > the > > ref data on the Service BBC Choice. > > We need to be able to relate Persons in Departments to Systems and Ref > data > > items over which they have control. > > >From all of this we need to be able to disseminate to user systems as > > quickly as possible any changes that are made to reference data items. > > > > On the surface the hierarchical nature of AD seems to lend itself to our > > needs but I am unclear whether, for example, Containers can have > attributes > > or only the objects within Containers. And if the latter, how I would > then > > relate one of those objects as the parent of a number of other objects > (e.g. > > BBC1 (with its attributes) as the parent of BBC1 North, BBC1 Scotland > etc > > each with attributes). > > > > Sorry for this long message and I hope it is intelligible. Any help on > > understanding if AD could be applied in this kind of situation would be > > immensely useful. > > > > Regards > > > > Malcolm Dodwell > > > > Malcolm Dodwell | Data Analyst | Professional Solutions | > > BBC Technology | Media Management & Metadata | Room G201| Stadium House > | > > 68 Wood Lane | London W12 7TA > > T: +44 (0) 208 57 69799 | F: +44 (0) 208 57 63029 > > > > mailto:[EMAIL PROTECTED] > > > > > > > > > > > > In essence we have a range of reference data "concepts" (e.g. Channel, > > Outlet, Platform) each of which has attributes. Each concept then has > > "Concept Values" (e.g. for Channel, the Outlets BBC1, BBC2, BBC Choice > > etc...) each of which also has attributes. > > Each Concept Value (e.g. the Outlet BBC1) has itself a number of values > > which we call "Decodes" representing the current and historic > > representations e.g. for BBC1 they might include BBCOne, BBC ONE etc > etc. > > Each of these also has attributes (such as Effective date). > > > > > > > -----Original Message----- > > > From: Myrick, Todd (NIH/CIT) [SMTP:[EMAIL PROTECTED]] > > > Sent: 08 October 2002 22:33 > > > To: '[EMAIL PROTECTED]' > > > Subject: [ActiveDir] Issue enumerating more than 1000 members of a > > > group > > > > > > I am using some LDAP tools to enumerate the members of a group and it > will > > > only list the first 1000 members. I have tried several tools, all > with > > > the > > > same result. Is their a query policy that limits the number of > results > > > returned MaxResultSetSize is the only one that comes to mind. Any > help > > > is > > > appreciated. > > > > > > Todd Myrick > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > BBCi at http://www.bbc.co.uk/ > > > > This e-mail (and any attachments) is confidential and may contain > > personal views which are not the views of the BBC unless specifically > > stated. > > If you have received it in error, please delete it from your system, do > > not use, copy or disclose the information in any way nor act in > > reliance on it and notify the sender immediately. Please note that the > > BBC monitors e-mails sent or received. Further communication will > > signify your consent to this. > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system, do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
