On Wed, Aug 08, 2001 at 01:54:56AM +0200, Przemyslaw Wegrzyn wrote:
> I'm not familiar with LDAP so well yet, don't blame me if I'm totally
> wrong. If we use just one field, we can make it unique by schema
> definition, and simply "schemacheck on" saves us much trouble, mentioned
> in Scott's post?
> 
> -=Czaj-nick=-

schemacheck must be on in a production database. If it's not on, and you
turn it on after you've added wrong data to the directory, you'll mess
it up.

One good thing to remember is LDAP is an access protocol to data that
can be anything you want. So depending on a server implementation, it
can be an SQL database, an /etc/passwd, or just straight key/value pairs
DB. However, LDAP strives to be as common for any service as possible.
There are a preset number of object classes that define allowed standard
attributes for entries. Among those more commonly used are
organizationalPerson, organization, inetOrgPerson (this one might still
be in draft). These are defined as Internet standards, and "mail" is
one of the allowed attributes. In my opinion keeping your directory as
close to the standard as possible is a good idea. Many LDAP-aware
services expect standardized schema in your directory.

That said, I wonder if qmail-ldap auxiliary class could be approximated
a little closer to some standard classes, or is it impossible? Imagine
if there's an attribute in the standard schema for e-mail aliases, and
some application other than qmail-ldap needs it.
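
An added example, not part of the original message or of qmail-ldap: an offline audit of entries against object class definitions, the kind of check worth running before turning schemacheck on for a directory that already holds data. The schema table is a reduced hand-written subset of the standard classes, the entries are constructed, and mailAlias is a made-up attribute name.

```python
# Reduced schema subset and constructed entries; mailAlias is a made-up attribute.
SCHEMA = {
    "top": {"must": {"objectclass"}, "may": set()},
    "person": {"must": {"sn", "cn"},
               "may": {"userpassword", "telephonenumber", "description"}},
    "organizationalperson": {"must": set(), "may": {"title", "ou", "l"}},
    "inetorgperson": {"must": set(), "may": {"mail", "uid", "givenname"}},
}

SAMPLE_LDIF = """\
dn: cn=Good User,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Good User
sn: User
mail: good@example.com

dn: cn=Bad User,dc=example,dc=com
objectClass: top
objectClass: person
cn: Bad User
mail: bad@example.com
mailAlias: b@example.com
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no line folding) into entries."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry.setdefault(name.lower(), []).append(value)
        entries.append(entry)
    return entries

def audit(entry):
    """Return the violations a schema-checking server would reject."""
    classes = [c.lower() for c in entry.get("objectclass", [])]
    problems = [f"unknown objectClass {c}" for c in classes if c not in SCHEMA]
    known = [SCHEMA[c] for c in classes if c in SCHEMA]
    must = set().union(*(k["must"] for k in known))
    allowed = must.union(*(k["may"] for k in known))
    present = set(entry) - {"dn"}
    problems += [f"missing required {a}" for a in sorted(must - present)]
    problems += [f"attribute {a} not allowed" for a in sorted(present - allowed)]
    return problems
```

The second entry carries "mail" without any class that allows it, which is the sort of data that gets into a directory while schemacheck is off.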
