On Wed, Dec 11, 2013 at 09:09:36AM +0000, Andy Swiffin wrote:
> Sorry, but I have to fervently disagree with this and reiterate what
> I originally said. Personally I think you'd be mad to extend your
> schema with eduperson, particularly AD where it seems more frowned
> upon than other directories such as Novell edirectory. All you're
> doing is moving the problem around, instead of using a scripting
> language in somewhere which is designed to manipulate attributes
> you're going to have to invent a mechanism to do that in whatever your
> flavour of x500 is. And thereby create a tautology which will
> inevitably get broken at some point, where you have to take user
> attributes in some sensible local format and replicate them into
> another attribute on the user.
We get our directory server to do the eduPerson attribute synthesis...
using retro Netscape Class of Service so the value of "affiliation" is
derived from something else within the directory but presented as a real
attribute to the client.
As I understand it, however, this functionality is only available in
directory services derived from Netscape's server (such as Sun/Oracle
DSEE and 389server).
http://directory.fedoraproject.org/wiki/Howto:ClassOfService
> And while I'm in grumpy old man mode, I do hate it when people talk
> about LDAP directories. LDAP is a protocol (the clue is in the name)
> for accessing X500 directories not a type of directory itself. I
> know this is a battle I lost years ago but every now and then I wake
> up from my slumbers and have a grumble.
But I like my HTTP site and my SIP phone!
> Anyone for a DAP session?
I'm good, ta ;)
--
Matthew Slowe
Server Infrastructure Team e: [log in to unmask]
IS, University of Kent t: +44 (0)1227 824265
Canterbury, UK w: www.kent.ac.uk
|