New accounts LDAP server running

Elliot Lee sopwith at gmail.com
Mon Jan 8 02:00:43 UTC 2007


On Jan 7, 2007, at 3:59 PM, TomLy wrote:

> I'll ask the FDS person we were working with if this is doable.  This
> wasn't truly implemented in the db schema as it appears there could only
> be one prerequisite.  This was set to the cla_done group in almost every
> case (except sysadmin).
>
> In this case, adding attributes to the person's schema isn't the solution
> (as I was thinking previously).  This is because it would require a
> software layer to check the attribute.  One of my thoughts on the new
> account system is to have LDAP handle as much as possible to avoid
> having to write a software layer to wrap it.

Well, realistically speaking, it is a little bit of a pain to  
implement checking this constraint even in SQL, and I imagine LDAP  
just can't do it. I don't see a huge need to be worried about  
implementing the constraint in a software layer, because only the  
part of the system that adds people to groups will need to worry  
about it. It is not as if this is something that absolutely every  
directory client will need to do, just something that will need to go  
into the administration codebase.

(This is assuming, of course, that you choose to implement it the same  
way it is implemented in the old account system. I can think of other  
ways that /would/ require each and every client to pay attention to  
it unless there was LDAP support...)

Best,
-- Elliot
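
The administration-side check discussed in this message, as an added example that is not part of the original email or of the account system's code: a prerequisite test on the add-to-group path, plus an audit for memberships written by clients that skip that path. The directory is modelled as an in-memory dict, and the function names and the "packagers" group are hypothetical; only cla_done comes from the thread.

```python
# Added illustration: in-memory stand-in for the directory; all names are hypothetical.
class PrerequisiteError(Exception):
    pass


# group -> its single prerequisite group (one per group, as in the old schema), or None
PREREQUISITE = {"cla_done": None, "packagers": "cla_done"}  # "packagers" is constructed


def add_member(members, user, group, prerequisite=PREREQUISITE):
    """Admin-layer add: refuse unless the user is already in the prerequisite group."""
    if group not in prerequisite:
        raise KeyError(f"unknown group: {group}")
    required = prerequisite[group]
    if required is not None and user not in members.get(required, set()):
        raise PrerequisiteError(f"{user} must be in {required} before joining {group}")
    members.setdefault(group, set()).add(user)


def audit(members, prerequisite=PREREQUISITE):
    """Return (user, group, missing_prerequisite) for memberships that bypassed
    add_member, e.g. entries written straight to the directory by another client."""
    violations = []
    for group, users in members.items():
        required = prerequisite.get(group)
        if required is None:
            continue
        for user in users:
            if user not in members.get(required, set()):
                violations.append((user, group, required))
    return sorted(violations)


def demo():
    members = {"cla_done": {"alice"}, "packagers": set()}  # constructed sample data
    add_member(members, "alice", "packagers")  # allowed: alice is in cla_done
    try:
        add_member(members, "bob", "packagers")  # refused: bob is not in cla_done
        rejected = False
    except PrerequisiteError:
        rejected = True
    members["packagers"].add("carol")  # simulates a write that skipped the admin layer
    return rejected, members["packagers"], audit(members)


if __name__ == "__main__":
    print(demo())
```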




