Whose directory service is it? -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com <http://msetechnology.com/>
From: Steve Linberg [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 30, 2007 5:42 PM To: [email protected] Subject: [ldap] Newbie Q: LDAP data value constraints Greetings, all. I apologize in advance for what I suspect is a skull-thumpingly basic question, but I've been Googling for days and digging through LDAP reference books and can't find an answer, or even anything that addresses the subject. My background is an RDMS guy trying to get up to speed in LDAP so I can extend an AD schema to add a few fields to a place I'm consulting for, so it can hook into other systems I'm trying to deploy. My question is: is there any way to define an LDAP field that only has a predefined set of acceptable values? For example, is it possible to have a field like "favoritePrimaryColor" with allowable values of only "Red", "Yellow", and "Blue"? In an RDMS, you'd set up either an enum (if you're using SQL extensions that permit it), or use a foreign key relating to another table, but I know that LDAP prefers to be flat and gains its speed in part from not doing lookups. Still, I need a way to prevent invalid values in certain fields, and I'm trying to find out whether that can be controlled in schema definitions, or whether it has to be managed at the application level. The more concrete real-world need here is that I need to extend the "user" class to create an "employee" class that allows one or more sets of (job title, code, and location) per person (employees here often wear more than one hat, with different privileges and trainings to track), where the job title and location fields are both constrained by a list of about 20 allowable values and anything not in those lists should be rejected as invalid. This is both for security and to prevent against typos (like "clinician" instead of "cilnician") within the database. I'd rather have that logic be enforced by the data structures rather than the application, otherwise I'm going to have to develop another application to police the database looking for invalid values inserted from other sources. If this is a stupid question, a dope-slap and a pointer to the answer, or information about why it's not a good question, would be greatly appreciated. If it's NOT a stupid question, any answer or hint would also be greatly appreciated. Thanks very much, Steve Linberg -- Steve Linberg, Chief Goblin Silicon Goblin Technologies http://silicongoblin.com Be kind. Remember, everyone you meet is fighting a hard battle. --- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message. --- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
