Hung Luu wrote:
Suppose I have the following DN's:
inetOrgPerson: [uid=alice,dc=example,dc=com]
organizationalRole: [cn=manager,ou=groups,dc=example,dc=com] [cn=supervisor,ou=groups,dc=example,dc=com]
locality: [l=phoenix,ou=division,dc=example,dc=com] [l=portland,ou=division,dc=example,dc=com]
How can I store in my directory the fact that Alice is a manger at the Phoenix division, but she is only a supervisor at the Portland division? I know group membership is involved here, but what's the best way to represent that group membership to optimize searches such as: Return all the people with a specific role at a specific locality, or return all the roles and localities for a person.
You could also use slapo-memberof to populate the member entries with a back-reference to the group entries which make some queries a lot easier.
Ciao, Michael.