--On Friday, November 02, 2007 12:15 PM -0400 Steve Linberg
<[EMAIL PROTECTED]> wrote:
If there's a different way to approach this, I'm open to it, but so far
Frank's solution seems to be the cleanest, and I did produce a workable
test of this yesterday under AD. It means I have to parse the values of
the pairs at the application level, which is a bit more work, but I'm
going on the understanding that there's no way to have value pairs within
LDAP.
Excluding AD for a moment, I suppose one possibility would be dynamic
groups as supported in OpenLDAP. As long as there was a role and location
attribute in the user entries, you could simply define dynamic groups which
using filters of the appropriate type (&(role=a)(location=b)) etc. Then as
users roles and locations changed, their membership in the various groups
would automatically be changed. Maintenance would be reduced to simply
adding new groups as new roles and locations were created.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
---
You are currently subscribed to [email protected] as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the
SUBJECT of the message.
