Ben Spencer writes: > Are there attribute options use guidelines? Should they be avoided? > Are they preferred over creating more attributes? > > Or does it simply depend on use of the attributes and how the > applications can/will/will not deal with them?
User-defined attribute options are likely less portable than attribute types. E.g. the OpenLDAP server (slapd) has only supported them since 2003. And I wouldn't be surprised to see some LDAP clients reject the ';' as a syntax error. OTOH if you intend to have several "variants" of several attribute types, a few options can save you quite a lot of attribute types. There are also attribute option ranges which allow you to search for subranges, e.g. (title;lang-en-=foo) finds title;lang-en-gb: foo. Options can also help clients classify attribute descriptions - it can parse 'UserRole;internal' and see it is a UserRole. If you use two attribute types instead it'll need to keep a list of related attributes on the client side. (With options you should keep a list of options, so the client knows the semantics of each option. But that list need not be tied to a list of attribute types.) Attribute inheritance is one semantic difference between your two examples, which may decide the question for you: > Example case (this is just an example) > UserRole: Student > UserRole;internal: Part Time Employee If you use tagging options (the one type user-defined options which OpenLDAP supports), "UserRole;internal" is a subtype of "UserRole". So an equivalent example using multiple attribute types would be: UserRole: Student UserRoleInternal: Part Time Employee where UserRoleInternal is defined as a subtype of UserRole: attributeType ( <oid> NAME 'UserRoleInternal' SUP UserRole ) A filter for a type will also match its subtypes, and a search request which asks for a type to be returned will also receive its subtypes: a filter (UserRole=Part Time Employee) will match the UserRole;internal attribute. Is that what you want? If so, and if you use attribute types as above, that behavior will be confusing to users who do not know the schema. So if you are going to define subtypes of UserRole, I'd normally not recommend to also put UserRole in directory entries (or the MUST/MAY lists of object classes). With options it looks clearer, provided the user knows how the LDAP protocol works in that respect. Likely, if you use multiple attributes, a better variant would be your > UserRolePrimary: Student > UserRoleInternal: Part Time Employee if you want the ability to search for UserRole and find UserRolePrimary, you define UserRole, then define UserRolePrimary and UserRoleInternal as subtypes of it and put the last two in the directory. The attribute option variant of this would be to define attribute UserRole, and put in the directory: UserRole;primary: Student UserRole;internal: Part Time Employee -- Regards, Hallvard --- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
