Greetings, kind people.

I must once again ask forgiveness in advance for what I'm afraid might be a second boneheadedly-basic question, but for the life of me, I can't find an answer in any of the searching I'm doing or in the references I have - possibly/probably because I'm still thinking in an RDMS mindset and framing questions that way that aren't normally asked in the LDAP world.

I think what I'm trying to do is pretty simple, but I can't figure out the most effective way to do it. This will be under a Microsoft Active Directory system.

The task is: I need to extend the base user class for an organization to include one or more "location -> role" value pairs (to be used in privilege systems). For example, a user might be an "administrator" at location "a" and a "peon" at location "b". I need to be able to add one or more what I think of as compound attributes to the user class, but it appears that attributes are flat under LDAP.

I've played with LDIF files and have successfully extended the user class to allow additional simple attributes, but it's not sufficient for what I need to do, which is to associate pairs of attributes or specify compound attributes. My imaginary pseudosyntax would look something like this:

dn: cn=sampleperson,dc=foo,dc=org
objectclass: person
cn: sampleperson
fooRole: (
  location: a
  role: administrator
)
fooRole: (
  location: b
  role: peon
)

Although this syntax is nonsensical, I hope it at least makes my intent clear. There are various ways I could hack this: hard-code a flat list (fooRole1location: a, fooRole1role: administrator, fooRole2location: b, etc), store a compound-valued string which I would parse (fooRole: a-administrator, fooRole: b-peon), and I could probably think of others, but their shortcomings are obvious and I'd like to do it right.

Can any kind soul deliver one more dope-slap to a newbie about how best to do this? I promise to blog the answer and seed Google with it so other numbskulls like me asking the same strange question will find it and not pester you with it again. :/

Thanks and apologies in advance,

Steve Linberg


--
Steve Linberg, Chief Goblin
Silicon Goblin Technologies
http://silicongoblin.com
Be kind.  Remember, everyone you meet is fighting a hard battle.
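
The compound-string workaround mentioned in the post (fooRole: a-administrator, fooRole: b-peon), as an added example that is not part of the original message: a strict parser for a multi-valued fooRole attribute that grants nothing when a value is ambiguous or two values conflict. The function names, the closed role list and the rule that location names contain no "-" are assumptions made for illustration.

```python
import re

# Roles named in the post; treating them as a closed allow-list is an assumption.
KNOWN_ROLES = {"administrator", "peon"}
# Assumption: location names contain no "-", so a value holds exactly one delimiter.
VALUE_RE = re.compile(r"([A-Za-z0-9_.]+)-([a-z]+)")


class RoleValueError(ValueError):
    """Raised when a fooRole value cannot be interpreted unambiguously."""


def parse_foo_roles(values):
    """Turn the values of a multi-valued fooRole attribute into {location: role}."""
    roles = {}
    for raw in values:
        match = VALUE_RE.fullmatch(raw.strip())
        if match is None:
            raise RoleValueError(f"malformed fooRole value: {raw!r}")
        location, role = match.group(1).lower(), match.group(2)
        if role not in KNOWN_ROLES:
            raise RoleValueError(f"unknown role in {raw!r}")
        # Two different roles for one location is a conflict, not "last one wins".
        if roles.get(location, role) != role:
            raise RoleValueError(f"conflicting roles for location {location!r}")
        roles[location] = role
    return roles


def role_at(values, location):
    """Return the role at a location, or None (no privilege) if absent or invalid."""
    try:
        return parse_foo_roles(values).get(location.lower())
    except RoleValueError:
        return None  # fail closed: one bad entry grants nothing at all


# Constructed sample values, as a directory client would return them for one user.
SAMPLE = ["a-administrator", "b-peon"]

if __name__ == "__main__":
    print(parse_foo_roles(SAMPLE))
    print(role_at(SAMPLE, "b"))
    # A conflicting second value for location "b" voids every grant for the user.
    print(role_at(SAMPLE + ["b-administrator"], "a"))
```

A value such as east-wing-administrator is rejected rather than guessed at, which is the main shortcoming of a delimiter-packed string in a privilege system: the directory cannot enforce the format, so every consumer has to.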





