--On Tuesday, April 11, 2006 12:14 PM -0700 Howard Chu <[EMAIL PROTECTED]>
wrote:
> Quanah Gibson-Mount wrote:
>> And as a side note, "ou" stands for Organizational Unit. Most places
>> do not consider "people" one of their organizational units, and I
>> doubt yours does either. ;) I would suggest using "cn".
>
> Most sites (and graphical browsers) understand "ou" to be a generic
> folder and as a common usage it makes sense. I recommend against using
> "cn" to name everything; that negates one of the advantages of the
> directory naming structure. I.e., use naming attributes that are distinct
> and indicative of the type of object being named, so you can tell what an
> object is just by looking at the name, and not needing to look inside the
> entry. Overuse of the "cn" attribute is a common mistake in LDAP

I absolutely disagree. Using "ou" is a violation of the meaning of the
attribute, and I've not had any issues with LDAP browsers using it. "ou"
should never be considered a generic container, especially if you are going
to be using and configuring organizations inside of an LDAP directory.
Just because a bad practice has been used for a long period of time does
not make it a good practice.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html