www-infrastructure-dev mailing list archives

From Tony Stevenson <pct...@apache.org>
Subject Re: Centralised authentication/authorisation
Date Sun, 07 Dec 2008 21:17:28 GMT
Henning Schmiedehausen wrote:
> On Sun, 2008-12-07 at 12:35 +0000, Tony Stevenson wrote:
> 
>> This will not initially be a public service, this will be an internal 
>> method for managing accounts.  If and when we go to an automated user 
>> account management, i.e. allowing users to reset passwords etc, then we 
>> may open it up in parts to the public network.
>>
>>> * what objectClasses are being used? Will people be inetOrgPerson or 
>>> posixUser or a custom apachePerson class which all the appropriate 
>>> attributes brought together?
>> It will likely be a butchered version of inetOrgPerson. Accommodating 
>> many additional data fields.
> 
> NO! WRONG! YOU DON'T MODIFY EXISTING OBJECT CLASSES! 
> 
> You add a new one, e.g. apachePerson which contains all the required
> fields. And you have your objects represent multiple object classes.
> 
> This is a *basic* concept of LDAP. If you botch this, there is no point
> in using LDAP at all, because it will be unmanageable *very* quickly. 
> 

Sorry,

That is exactly what I meant. I just didn't say what I meant.  By
butchered I did mean an extension of inetOrgPerson, incorporating all
the fields that we need.

By extension I mean, a new object class.

Whatever, I'll shut up now.  Sleep, I need sleep.


Tony

