2010/1/9 Michael Ströder michael@stroeder.com
Hung Luu wrote:
Suppose I have the following DN's:
inetOrgPerson: [uid=alice,dc=example,dc=com]
organizationalRole: [cn=manager,ou=groups,dc=example,dc=com] [cn=supervisor,ou=groups,dc=example,dc=com]
locality: [l=phoenix,ou=division,dc=example,dc=com] [l=portland,ou=division,dc=example,dc=com]
How can I store in my directory the fact that Alice is a manger at the Phoenix division, but she is only a supervisor at the Portland division? I know group membership is involved here, but what's the best way to represent that group membership to optimize searches such as: Return all the people with a specific role at a specific locality, or return all the roles and localities for a person.
You could also use slapo-memberof to populate the member entries with a back-reference to the group entries which make some queries a lot easier.
Ciao, Michael.
Suppose I have a group of roles and a group of localities, so that I have the following representation of group membership:
[cn=manager,ou=groups,dc=example,dc=com] member: uid=alice,ou=people,dc=example,dc=com
[cn=supervisor,ou=groups,dc=example,dc=com] member: uid=alice,ou=people,dc=example,dc=com
[l=phoenix,ou=divisions,dc=example,dc=com] member: uid=alice,ou=people,dc=example,dc=com
[l=portland,ou=divisions,dc=example,dc=com] member: uid=alice,ou=people,dc=example,dc=com
How will slapo-memberof tell me which role Alice has at which locality? What would the query look like?
Dynamic groups look promising, but would I have to create a dynamic group for each user-role mapping? Using cn=config, I should be able to add new dynamic groups on the fly without restarting slapd?
Thanks, Hung.