On Monday 29 November 2010 09:36:11 Vladislav Bogdanov wrote: > 26.11.2010 18:14, Andreas Dick wrote: > > First, I'm definitely for having UUID in a DN instead of name. It's a > way more general. > ... > > > 4) how to implement address groups? My first try will be to use simple > > subdirectorries for the groups. It fits all my needs and I will try to > > implement add/del/change groups in RC. This could look like that: > > > > my base_dn: > > ou=abook,dc=server > > > > example of an ungrouped address : > > cn=Firstname Surname,ou=abook,dc=server > > > > group exsample: > > o=My Groupe,ou=abook,dc=server > > > > example of an grouped address : > > cn=Firstname Surname,o=My Groupe,ou=abook,dc=server > > > > Patrik pointed that ou would fit better for the group: > > ou=My Groupe,ou=abook,dc=server > > > > I think this should be configured as well. > > I'd exploit native LDAP groups for that. > I mean: > > dn: uuid=1cfeae5f-264e-4b4a-a8e9-efdb259df138,ou=abook,dc=server > objectType: inetOrgPerson > uuid: 1cfeae5f-264e-4b4a-a8e9-efdb259df138 > ... > > dn: uuid=2f0f77b4-7d4b-410e-8d5e-d4ee9782ab34,ou=abook,dc=server > objectType: inetOrgPerson (or whatever else that fits, because > inetOrgPerson has some drawbacks) > uuid: 2f0f77b4-7d4b-410e-8d5e-d4ee9782ab34 > ... > > dn: cn=Group1,ou=abook,dc=server > objectType: groupOfNames > cn: Group1 > member: uuid=1cfeae5f-264e-4b4a-a8e9-efdb259df138,ou=abook,dc=server > member: uuid=2f0f77b4-7d4b-410e-8d5e-d4ee9782ab34,ou=abook,dc=server > ... > > Then you can have one contact in multiple groups without object > duplication.
This is ok for OS-level groups, but not for grouping addresses. How will you be able to integrate this with other Email clients? Also, why do you want address-entries into multiple groups? I fail to see the use-case for this. I use webmail when I'm accessing my email from a remote machine, but when I'm at home, I use a desktop email client. I do need to be able to use this client with the LDAP-tree as well. Additionally, the conventional way of securing the LDAP-tree uses ACLs. Writing ACLs to implement the schema you are proposing will be difficult at best. I can't even begin to think of a way to write them that would allow me to add an address. -- Joost _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/8f4f07cd
