Greetings, all.
I apologize in advance for what I suspect is a skull-thumpingly basic
question, but I've been Googling for days and digging through LDAP
reference books and can't find an answer, or even anything that
addresses the subject. My background is an RDMS guy trying to get up
to speed in LDAP so I can extend an AD schema to add a few fields to
a place I'm consulting for, so it can hook into other systems I'm
trying to deploy.
My question is: is there any way to define an LDAP field that only
has a predefined set of acceptable values? For example, is it
possible to have a field like "favoritePrimaryColor" with allowable
values of only "Red", "Yellow", and "Blue"?
In an RDMS, you'd set up either an enum (if you're using SQL
extensions that permit it), or use a foreign key relating to another
table, but I know that LDAP prefers to be flat and gains its speed in
part from not doing lookups.
Still, I need a way to prevent invalid values in certain fields, and
I'm trying to find out whether that can be controlled in schema
definitions, or whether it has to be managed at the application
level. The more concrete real-world need here is that I need to
extend the "user" class to create an "employee" class that allows one
or more sets of (job title, code, and location) per person (employees
here often wear more than one hat, with different privileges and
trainings to track), where the job title and location fields are both
constrained by a list of about 20 allowable values and anything not
in those lists should be rejected as invalid. This is both for
security and to prevent against typos (like "clinician" instead of
"cilnician") within the database. I'd rather have that logic be
enforced by the data structures rather than the application,
otherwise I'm going to have to develop another application to police
the database looking for invalid values inserted from other sources.
If this is a stupid question, a dope-slap and a pointer to the
answer, or information about why it's not a good question, would be
greatly appreciated. If it's NOT a stupid question, any answer or
hint would also be greatly appreciated.
Thanks very much,
Steve Linberg
--
Steve Linberg, Chief Goblin
Silicon Goblin Technologies
http://silicongoblin.com
Be kind. Remember, everyone you meet is fighting a hard battle.
---
You are currently subscribed to [email protected] as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the
SUBJECT of the message.
