hi thornton, thanks for your advice and sharing with me your experiences.
may i just ask you a few more questions below pls.


----- Original Message -----
From: Thornton Prime <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, November 26, 2000 3:06 AM
Subject: Re: ldap vs mysql


>
> On Sun, 26 Nov 2000, Corisen wrote:
>
> > my worries about method 1 are as follows:
> > 1. if the department changes name, how can i update the dn of all the users
> > under this department tree?
>
> Directories are hierarchical. The DN is the directory address of an entry.
> You don't need to rename all the children in a tree any more than you
> would need to change the names of files or subdirectories when renaming a
> parent directory on a filesystem.

for each department, there will be a parent node with dn: o=department1,
dc=mycompany, dc=com.
under this node, there will be many child entries with:
dn: uid=username1, o=department1, dc=mycompany, dc=com
objectclass: ....
o: department1
......(other attributes/values)

so if i change the parent node to dn:o=departmentnew, dc=mycompany, dc=com,
am i correct to say
that i should change all entries previously with dn:uid=username,
o=department1, dc=mycompany, dc=com
and o=department1 to o=departmentnew? will ldap command line tool
automatically & recursively change all child entries'
dn and o attributes to the new department? if not, these users might have
the wrong/old department info.
may i know what is the command to change the dn: o=department ..... to
o=departmentnew pls.

> > 2. if a user changes department, how can i update his dn to uid=username,
> > o=newdept, dc=mycompany, dc=com?
>
> The LDAP API has methods to copy, move (rename), and delete entries. There
> are also command line tools.

may i know which command to move/rename the dn of an entry pls. i know other
attributes can be modified/updated but i'm not sure how to move/rename the
dn.

> > 5. what are the pros and cons of using "o" in the dn?
>
> It is really a matter of the structure you are hoping to use and the LDAP
> policies and applications you intend to implement.

ldap will be used largely for authentication by radius server, sendmail, ftp
etc.
the registration application is just making use of ldap database.

> > using method 2, the name space design is simpler: uid=username,
> > dc=mycompany, dc=com. but i have to keep duplicate/two sets of department
> > records. one in mysql and one in ldap. and they must be synchronised when any
> > department is modified, deleted or added.
> >
> > i really have no idea what might be the complications for each method and
> > which is a better way of designing.
>
> Basically, I would recommend sticking with mysql unless you plan on
> leveraging LDAP for other applications and services. A LDAP server can be
> a powerful tool, but poorly maintained and with irrelevant or incorrect
> data it only serves as a source of disinformation or worse, a security
> policy problem.

if i use only (without the o=department in dn):
dn: uid=username, dc=company, dc=com
objectclass....
o: department
..... (other attributes/values)
can i query the ldap database and return only unique values (one value) for
each department name?
what is the command to do so?

thanks for enlightening me. i really appreciate your time & advice.



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
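
Added example, not part of the original e-mail or of any LDAP tool: a Python sketch that builds the LDIF needed when a department is renamed (one `modrdn` on the parent, then an explicit `o` fix on each child, because a rename changes DNs but not attribute values stored in child entries) and collects unique `o` values client-side, since an LDAP search has no DISTINCT. The helper names and the sample entries are constructed for illustration, and it assumes the server permits renaming an entry that has children; some servers refuse that with `notAllowedOnNonLeaf`.

```python
# Constructed sample data (DN -> attributes); not taken from the thread's server.
SAMPLE = {
    "o=department1, dc=mycompany, dc=com": {"o": ["department1"]},
    "uid=username1, o=department1, dc=mycompany, dc=com": {"o": ["department1"]},
    "uid=username2, o=department1, dc=mycompany, dc=com": {"o": ["department1"]},
    "uid=username3, o=department2, dc=mycompany, dc=com": {"o": ["department2"]},
}


def rdns(dn):
    """Split a DN into lower-cased RDNs (assumption: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]


def rename_department_ldif(entries, base, old, new):
    """Hypothetical helper: LDIF that renames o=<old> and fixes each child's o value."""
    parent = [f"o={old.lower()}"] + rdns(base)
    # Step 1: rename the parent. deleteoldrdn: 1 also swaps its own o value.
    out = [f"dn: o={old},{base}", "changetype: modrdn",
           f"newrdn: o={new}", "deleteoldrdn: 1", ""]
    for dn, attrs in entries.items():
        parts = rdns(dn)
        # Children only: DN ends with the parent DN and has at least one more RDN.
        if len(parts) > len(parent) and parts[-len(parent):] == parent:
            if old.lower() in (v.lower() for v in attrs.get("o", [])):
                keep = len(parts) - len(parent)
                child = ",".join(p.strip() for p in dn.split(",")[:keep])
                # Step 2: the child is now addressed by its new DN; its stored
                # o value is stale until it is replaced explicitly.
                out += [f"dn: {child},o={new},{base}", "changetype: modify",
                        "delete: o", f"o: {old}", "-",
                        "add: o", f"o: {new}", "-", ""]
    return "\n".join(out)


def unique_departments(entries):
    """Hypothetical helper: de-duplicate o values of user entries client-side."""
    return sorted({v for dn, a in entries.items()
                   if rdns(dn)[0].startswith("uid=") for v in a.get("o", [])})


if __name__ == "__main__":
    print(rename_department_ldif(SAMPLE, "dc=mycompany,dc=com",
                                 "department1", "departmentnew"))
    print(unique_departments(SAMPLE))
```

The generated text is LDIF of the kind `ldapmodify` reads; for services that authenticate against the directory, running the second step matters because a filter on `o` would otherwise still match the old department name.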
