"Wessel Louwris" <[EMAIL PROTECTED]> writes: > Hi, > > I have some trouble designing an LDAP model. I have to setup something in > which I can lookup what > right a person has to access a certain module. > This has to be generic in respect of where the peoples/groups are stored in > the directory. So it > could be implemented in different LDAP organisations. > > I came up with the following: > * a structural myModule class with some text attributes (version) > * a structural myMember class with one text attribute which describes the > access and a link to a user > /group somewhere in the directory > > Now I make a hierarchy like: > cn=moduleA,ou=Modules : with a myVersion text attribute > cn=user1,cn=moduleA,ou=Modules : with myMode (read/write etc string) > attribute and myTargetDN DN > attribute which points somewhere. > > Attached are the schema & ldif sample (all created with the Apache DS eclipse > plugins) > > My questions are: > * does this make any sense. Or is there hardly anything to say about it > without the exact project > information etc
As you don't describe your project it is hard to comment on your schema. But you may face some problems as your objectclass myModule requires the attribute type commonName, depending on your directory vendor, you may have to include an other structural objectclass. > * can I put an index on the myTargetDN? Because this one will be searched for > mostly I think: 'is > current user allowed to access this module. You only can create an equality index, as this attribute type provides no substring rules. > * should I make more use of auxiliary classes? (couldn't find a decent > structural class where I could > base myModule on) It has always been good practice to design based on standard track objectclasses and extend classes to individual requirements. > * Any ideas on where can I find more info about LDAP modelling? (besides this > mailing list ;-) http://www.guug.de/veranstaltungen/ldapcon2007/slides/Design-of-a-Directory-Information-Tree-presentation.pdf -Dieter -- Dieter Klünter | Systemberatung http://www.dpunkt.de/buecher/2104.html GPG Key ID:8EF7B6C6 53°08'09,95"N 10°08'02,42"E
