2010/1/9 Michael Ströder <[email protected]> > Hung Luu wrote: > > Suppose I have the following DN's: > > > > inetOrgPerson: > > [uid=alice,dc=example,dc=com] > > > > organizationalRole: > > [cn=manager,ou=groups,dc=example,dc=com] > > [cn=supervisor,ou=groups,dc=example,dc=com] > > > > locality: > > [l=phoenix,ou=division,dc=example,dc=com] > > [l=portland,ou=division,dc=example,dc=com] > > > > How can I store in my directory the fact that Alice is a manger at the > > Phoenix division, but she is only a supervisor at the Portland division? > > I know group membership is involved here, but what's the best way to > > represent that group membership to optimize searches such as: Return all > > the people with a specific role at a specific locality, or return all > > the roles and localities for a person. > > You could also use slapo-memberof to populate the member entries with a > back-reference to the group entries which make some queries a lot easier. > > Ciao, Michael. >
Suppose I have a group of roles and a group of localities, so that I have the following representation of group membership: [cn=manager,ou=groups,dc=example,dc=com] member: uid=alice,ou=people,dc=example,dc=com [cn=supervisor,ou=groups,dc=example,dc=com] member: uid=alice,ou=people,dc=example,dc=com [l=phoenix,ou=divisions,dc=example,dc=com] member: uid=alice,ou=people,dc=example,dc=com [l=portland,ou=divisions,dc=example,dc=com] member: uid=alice,ou=people,dc=example,dc=com How will slapo-memberof tell me which role Alice has at which locality? What would the query look like? Dynamic groups look promising, but would I have to create a dynamic group for each user-role mapping? Using cn=config, I should be able to add new dynamic groups on the fly without restarting slapd? Thanks, Hung.
