On Thu, Apr 28, 2011 at 1:27 PM, Alejandro Imass <aim...@yabarana.com> wrote: > On Thu, Apr 28, 2011 at 6:54 AM, Marco Pizzoli <marco.pizz...@gmail.com> > wrote: >> Hi list, >> could someone point me to some resources, in particular usage >> examples, about DIT content rules? >> > > The first rule is that there are no rules ;-) there are like 2 major > patterns so to speak: the X500 organizational distribution and the > DNS-inspired way. You can (in fact you should) mix-match your DIT > structure with both if you want and adapt to your own needs. The is no > one right way to do it. > > Many people under-use LDAP. For us LDAP is used for slow-mutating > hierarchical information that needs to be centralized, hence the term > "directory" is precisely what you should use LDAP for. The data > _should_ be organized in complex hierarchical form and not in the > stupid People, Computers, etc. hierarchy imposed by stupid pseudo-LDAP > technologies such as MS AD, and sorry to say that Samba follows the > same mistakes. LDAP is for _a lot_ more that just a flat structure of > People and Computers, it is designed to be hierarchically complex, > reflecting the true nature of your organization. In the end, this will > just translate to LDAP queries which you can easily simplify by > working with attributes in the correct way, so no worries about how > complex the DIT is. > > With complex hierarchies you can then even take all your user tables > OUT of the SQLs and do some interesting querying and integration with > your SQL stuff via the lesser known operational attribute called > entryUUID (defined in RFC4530). Yeap, that's right there _is in fact_ > a logical primary key in LDAP. > > I did some pretty interesting work in Venezuela last year through our > partner company Corcaribe TecnologĂa C.A. and wrote a paper that > explains all this in detail... BUT the doc is in Spanish. I am > attaching the PDF here in case it's of any use to you and/or anyone > would care to translate and post a how-to or on a Wiki somewhere. I > have the original OpenOffice doc and the drawing in Inkscape SVG if > anyone would like to derive some more formal work, > > Best, > > -- > Alejandro Imass
Hi Alejandro, thanks for your answer. I hadn't talked about "DIT Structure Rules", but "DIT Content Rule". In particular I was referring to the usage of the "ditcontentrule" directive in slapd.conf. Thanks again Marco