On Thu, Nov 21, 2002 at 03:20:22PM -0500, Dan Melomedman wrote:
> Ricardo Cerqueira wrote:
> > On Thu, 2002-11-21 at 16:37, Dan Melomedman wrote:
> > [snip]
> >
> > > At least these need to be prefixed: uid, mail, homeDirectory.
> >
> > Uhhh... no way :-)
> > The thing I like most about LDAP is that I can use it for every service
> > I provide, including mail, ftp, radius, or any other kind of service
> > requiring auth and possibly storage.
> > I _do_ want to use the same login attribute (uid) for all services, and
> > I do want to share the same homeDirectory, and cn, and userPassword,
> > etc...
>
> You only want to use the same login attribute if your LDAP-enabled
> services agree on the value for that attribute. What happens if they do
> not?
>
Then your new app is broken. A few LDAP attributes have a special meaning,
e.g. mail, mailalternateaddress, uid, homedirectory (as per rfc ... don't
remember the number).
In qmail-ldap we used the already defined attributes so it is simpler to
convert from Netscape, for example. Where we thought it would be useful we
added new attributes (qmailUID, qmailGID).
> There's nothing wrong with attributes which contain duplicate values if
> needed, and having the freedom to make them differ. You never know what
> kind of an LDAP-enabled application you could be running in a few
> months/years that will require storing _different_ values than what you
> already have. If an attribute is not from the standard schema, don't use
> it in the custom schema; make your custom object classes auxiliary to
> your standard object classes. This means uid, mail, homedirectory
> shouldn't even be in the qmailUser object class BECAUSE THEY CONFLICT
> WITH EXISTING SCHEMAS.
>
mail, uid and homedirectory are not defined in the qmail.schema; they are
imported from other schemas (core.schema, nis.schema).
AFAIK there is no standard for most MTA-specific attributes. I found only
some drafts. Also keep in mind that our attributes are named in a
non-ambiguous way. mailQuotaSize, qmailDotMode or mailReplyText are quite
clear. The only not perfectly named fields are deliveryMode and
deliveryProgramPath. Better would be mailDeliveryMode and
mailDeliveryProgram.
> Case in point: an organization has an existing directory service running
> where the uid attribute is populated with values such as "23415734". Uid
> is their naming attribute, and is not used as a username. What are you
> going to do? Exactly what should have been done in the first place:
> design qmail-ldap schema so it doesn't conflict. Convenient?
>
Broken software as per RFC 1274 and the OpenLDAP core schema:
9.3.1. Userid
The Userid attribute type specifies a computer system login name.
...
#
# Derived from RFC1274, but with new "short names"
#
attributetype ( 0.9.2342.19200300.100.1.1
NAME ( 'uid' 'userid' )
DESC 'RFC1274: user identifier'
...
The attribute naming is a never-ending fight; there is always somebody who
thinks his schema is better. For the moment we keep the one we have.
--
:wq Claudio
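An added illustration of the layout discussed in this thread; it is not the real qmail.schema and the OIDs are placeholders. The login-related attributes (uid, mail, homeDirectory) are left to core.schema and nis.schema, and the custom class is AUXILIARY so it only adds MTA-specific attributes on top of a standard structural class.

```ldif
# --- custom schema fragment (slapd schema syntax; constructed example) ---
# uid, mail and homeDirectory are deliberately NOT defined here: uid and
# mail come from core.schema, homeDirectory from posixAccount in nis.schema.
# OIDs below are placeholders, not registered values.
attributetype ( 1.1.1.1.1 NAME 'mailQuotaSize'
    DESC 'Mailbox quota in bytes (placeholder OID)'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.1.1.1.2 NAME 'deliveryProgramPath'
    DESC 'Program to pipe mail into (placeholder OID)'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

# AUXILIARY: can be attached to any structural entry, conflicts with nothing.
objectclass ( 1.1.1.2.1 NAME 'qmailUser'
    DESC 'Mail delivery settings (placeholder OID, constructed example)'
    SUP top AUXILIARY
    MAY ( mailQuotaSize $ deliveryProgramPath ) )

# --- directory entry (LDIF; constructed example) ---
# One structural class plus two auxiliary classes. The mail service reads
# uid/mail/homeDirectory from the standard classes and only the
# delivery-specific values from qmailUser.
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: qmailUser
uid: jdoe
cn: Jane Doe
sn: Doe
mail: jdoe@example.com
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe
mailQuotaSize: 104857600
deliveryProgramPath: /usr/local/bin/deliver-example
```

This only works where every service agrees that uid is the login name; a directory whose uid holds a numeric naming value such as "23415734", as in the scenario quoted above, cannot feed this entry without a differently named login attribute.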