Unless I'm missing something this is best solved using group membership. Why are we forcing an attribute for this? The only reason I'd use the attribute method is if I needed to support unknown values, which doesn't seem to be the case here.
--
Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414
http://www.puryear-it.com

Author, "Best Practices for Managing Linux and UNIX Servers"
http://www.puryear-it.com/pubs/linux-unix-best-practices

Identity Management, LDAP, and Linux Integration

Steve Linberg wrote:
>
> On Oct 31, 2007, at 6:53 PM, Frank Swasey wrote:
>
>> Steve,
>>
>> You are absolutely correct that LDAP is very flat and goes out of its
>> way to tell you not to count on order of values.
>>
>> That being said, what the developers have done when they cared about
>> order was to use a "list" type attribute. Take a look at the
>> postalAddress attribute which takes a list of values separated by "$"
>> characters.
>>
>> So, your example of
>>
>> fooRole: location_a $ role_a
>> fooRole: location_b $ role_b
>>
>> would be the way to go.
>
> This sounds exactly like what I need. Thanks very much.
>
> Cheers,
>
> Steve
>
> --
> Steve Linberg, Chief Goblin
> Silicon Goblin Technologies
> http://silicongoblin.com
> Be kind. Remember, everyone you meet is fighting a hard battle.
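The "$"-separated `fooRole` values quoted above, parsed into (location, role) pairs for an authorization check; this is an added example, not code from the thread. It assumes the values use the postalAddress-style escaping of RFC 4517 (`\24` for a literal "$", `\5C` for a literal "\"); the function names and the sample values are hypothetical.

```python
# Added example: parse "$"-separated fooRole values (postalAddress-style list).
# Assumption: RFC 4517 Postal Address escaping, where a literal "$" is
# written \24 and a literal "\" is written \5C inside a list element.
import re

_ESCAPE = re.compile(r"\\(24|5[Cc])")
_BAD_ESCAPE = re.compile(r"\\(?!24|5[Cc])")


def _unescape(part: str) -> str:
    # Reject any backslash that does not start one of the two valid escapes.
    if _BAD_ESCAPE.search(part):
        raise ValueError(f"invalid escape in {part!r}")
    return _ESCAPE.sub(lambda m: "$" if m.group(1) == "24" else "\\", part)


def parse_role_value(value: str) -> tuple[str, str]:
    """Split one fooRole value into (location, role)."""
    # Unescaped "$" is always a separator; spaces around it are trimmed.
    parts = [_unescape(p.strip()) for p in value.split("$")]
    if len(parts) != 2 or not all(parts):
        raise ValueError(f"expected 'location $ role', got {value!r}")
    return parts[0], parts[1]


def role_pairs(values):
    """Return the pairs as a set: LDAP does not guarantee value order."""
    return {parse_role_value(v) for v in values}


def has_role(values, location, role):
    """Check one exact pair. Fails closed: any malformed value denies."""
    try:
        return (location, role) in role_pairs(values)
    except ValueError:
        return False


# Constructed sample: fooRole values as a search might return them,
# in a different order from the one they were written in.
SAMPLE = ["location_b $ role_b", "location_a $ role_a"]

if __name__ == "__main__":
    print(sorted(role_pairs(SAMPLE)))
    # The pairing lives inside each value, so location_a never matches role_b.
    print(has_role(SAMPLE, "location_a", "role_b"))
```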
