Active Directory does not natively offer this capability.  You'll need to
define and handle the value structure yourself.  Sorry :(

 

Aside -- I initially thought you were referring to a form of linked-values
(which are supported) but, having re-read your requirements, this technology
doesn't apply.

--
Dean Wells
MSEtechnology
Email: [EMAIL PROTECTED]
http://msetechnology.com

 

From: Steve Linberg [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 31, 2007 6:24 PM
To: [email protected]
Subject: [ldap] Newbie Q: nested objects

 

Greetings, kind people.

 

I must once again ask forgiveness in advance for what I'm afraid might be a
second boneheadedly-basic question, but for the life of me, I can't find an
answer in any of the searching I'm doing or in the references I have -
possibly/probably because I'm still thinking in an RDMS mindset and framing
questions that way that aren't normally asked in the LDAP world.

 

I think what I'm trying to do is pretty simple, but I can't figure out the
most effective way to do it. This will be under a Microsoft Active Directory
system.

 

The task is: I need to extend the base user class for an organization to
include one or more "location -> role" value pairs (to be used in privilege
systems). For example, a user might be an "administrator" at location "a"
and a "peon" at location "b". I need to be able to add one or more what I
think of as compound attributes to the user class, but it appears that
attributes are flat under LDAP.

 

I've played with LDIF files and have successfully extended the user class to
allow additional simple attributes, but it's not sufficient for what I need
to do, which is to associate pairs of attributes or specify compound
attributes. My imaginary pseudosyntax would look something like this:

 

dn: cn=sampleperson,dc=foo,dc=org
objectclass: person
cn: sampleperson
fooRole: (
  location: a
  role: administrator
)
fooRole: (
  location: b
  role: peon
)

 

Although this syntax is nonsensical, I hope it at least makes my intent
clear. There are various ways I could hack this: hard-code a flat list
(fooRole1location: a, fooRole1role: administrator, fooRole2location: b,
etc), store a compound-valued string which I would parse (fooRole:
a-administrator, fooRole: b-peon), and I could probably think of others, but
their shortcomings are obvious and I'd like to do it right.

 

Can any kind soul deliver one more dope-slap to a newbie about how best to
do this? I promise to blog the answer and seed Google with it so other
numbskulls like me asking the same strange question will find it and not
pester you with it again. :/

 

Thanks and apologies in advance,

 

Steve Linberg

 

 

-- 

Steve Linberg, Chief Goblin

Silicon Goblin Technologies

http://silicongoblin.com

Be kind.  Remember, everyone you meet is fighting a hard battle.

 

 





 

---
You are currently subscribed to [email protected] as:
[EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word
UNSUBSCRIBE as the SUBJECT of the message. 
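
Added example, not part of either message above: one way to handle the value structure yourself when each value of a multi-valued fooRole attribute is a single compound string used for privilege decisions. The ':' separator, the role allowlist, the location character set and all function names are assumptions made for illustration; the sample values are constructed.

```python
import re

# Assumptions (not from the thread): ':' separator, role allowlist,
# and the characters permitted in a location name.
SEP = ":"
ALLOWED_ROLES = {"administrator", "peon"}
LOCATION_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,31}")

# Constructed sample: the fooRole values read from one user entry.
SAMPLE = ["a:administrator", "b:peon"]


class RoleValueError(ValueError):
    """A fooRole value that must not be trusted for authorization."""


def parse_role(value):
    """Split one value into (location, role), rejecting malformed input."""
    parts = value.split(SEP)
    if len(parts) != 2:
        raise RoleValueError(f"expected exactly one {SEP!r}: {value!r}")
    location, role = parts
    if not LOCATION_RE.fullmatch(location):
        raise RoleValueError(f"bad location: {value!r}")
    if role not in ALLOWED_ROLES:
        raise RoleValueError(f"unknown role: {value!r}")
    return location, role


def encode_role(location, role):
    """Build one attribute value; refuse anything parse_role would reject."""
    value = f"{location}{SEP}{role}"
    parse_role(value)
    return value


def roles_by_location(values):
    """Map location -> role; one bad or conflicting value rejects the set."""
    result = {}
    for value in values:
        location, role = parse_role(value)
        if result.get(location, role) != role:
            raise RoleValueError(f"conflicting roles for {location!r}")
        result[location] = role
    return result


def has_role(values, location, role):
    """Authorization check that denies on any parse error (fail closed)."""
    try:
        return roles_by_location(values).get(location) == role
    except RoleValueError:
        return False
```

Validating on write as well as on read keeps the separator out of both fields, which is what makes the split unambiguous.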


