Hi, I have some trouble designing an LDAP model. I have to set up something in which I can look up what right a person has to access a certain module. This has to be generic with respect to where the people/groups are stored in the directory. So it could be implemented in different LDAP organisations.

I came up with the following:

* a structural myModule class with some text attributes (version)
* a structural myMember class with one text attribute which describes the access and a link to a user/group somewhere in the directory

Now I make a hierarchy like:

cn=moduleA,ou=Modules : with a myVersion text attribute
cn=user1,cn=moduleA,ou=Modules : with a myMode (read/write etc. string) attribute and a myTargetDN DN attribute which points somewhere.

Attached are the schema & ldif sample (all created with the Apache DS eclipse plugins).

My questions are:

* Does this make any sense? Or is there hardly anything to say about it without the exact project information etc.?
* Can I put an index on the myTargetDN? Because this one will be searched for mostly, I think: 'is current user allowed to access this module.'
* Should I make more use of auxiliary classes? (I couldn't find a decent structural class that I could base myModule on.)
* Any ideas on where I can find more info about LDAP modelling? (besides this mailing list ;-)

Thanks a lot for your time/feedback.

greetings,
Wessel

Attachment: my.schema (binary data)
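
The lookup the post describes ('is current user allowed to access this module'), as an added example that is not part of the original post or its attachments. It runs against a constructed in-memory directory; the example DNs, the use of groupOfNames/member for groups, and all function names are assumptions.

```python
# Constructed sample directory (DN -> attributes). myModule, myMember, myVersion,
# myMode and myTargetDN come from the post; suffixes and groupOfNames are assumed.
DIRECTORY = {
    "cn=moduleA,ou=Modules": {"objectClass": ["myModule"], "myVersion": ["1.0"]},
    "cn=user1,cn=moduleA,ou=Modules": {
        "objectClass": ["myMember"], "myMode": ["read"],
        "myTargetDN": ["uid=user1,ou=People,dc=example,dc=com"]},
    "cn=admins,cn=moduleA,ou=Modules": {
        "objectClass": ["myMember"], "myMode": ["write"],
        "myTargetDN": ["cn=admins,ou=Groups,dc=example,dc=com"]},
    "cn=admins,ou=Groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=user2,ou=People,dc=example,dc=com"]},
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a DN cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def member_filter(target_dn):
    """Equality filter for the lookup; an equality index on myTargetDN serves it."""
    return "(&(objectClass=myMember)(myTargetDN=%s))" % escape_filter_value(target_dn)

def norm(dn):
    """Simplified DN comparison (case and spacing only)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def targets_for(user_dn):
    """The user's DN plus every group entry that lists it in member (direct only)."""
    user = norm(user_dn)
    groups = {norm(dn) for dn, attrs in DIRECTORY.items()
              if user in (norm(m) for m in attrs.get("member", []))}
    return groups | {user}

def access_modes(user_dn, module_dn):
    """Collect myMode from myMember entries below the module that point at the user."""
    targets, suffix, modes = targets_for(user_dn), "," + norm(module_dn), set()
    for dn, attrs in DIRECTORY.items():
        if norm(dn).endswith(suffix) and "myMember" in attrs["objectClass"]:
            if any(norm(t) in targets for t in attrs.get("myTargetDN", [])):
                modes.update(attrs["myMode"])
    return modes  # empty set means no myMember entry matched: deny

if __name__ == "__main__":
    print(member_filter("uid=user1,ou=People,dc=example,dc=com"))
    print(access_modes("uid=user2,ou=People,dc=example,dc=com", "cn=moduleA,ou=Modules"))
```

Against a real server, each DN from `targets_for` would be sent in the filter built by `member_filter`, with the module entry as the search base.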