[Freeipa-devel] Questions about LDAP Attribute Usage
Máirín Duffy
duffy at redhat.com
Thu Aug 16 20:39:23 UTC 2007
Hey,
I've skimmed through RFC2256, but I'm still having trouble understanding
how exactly some of the attributes in LDAP are actually used. For
example:
"5.52. houseIdentifier This attribute is used to identify a building
within a location."
That still doesn't illustrate its usage very well. If there was an
example I think it would be more clear. For instance, if your street
address is '123 Sesame Street' and the '123' was considered the
houseIdentifier, that would make sense to me but I don't know if that is
the intended usage of this attribute. Sometimes the attributes don't
even have *that* much of an explanation:
"5.17. postalAddress
( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )"
Is the postalAddress supposed to be just the '123 Sesame Street' part?
Or is it the whole 'Joe Smith, 123 Sesame Street, New York, NY 10001'
text? If so, how is this information stored, all in one blob in the
attribute?
Also, how would the postalAddress attribute interact with seemingly
related attributes like 'postalCode' and 'postOfficeBox'? How does one
deal with international postal addresses as well - are any special
considerations needed here?
I also have some more general questions (I apologize for the n00bness of
all these!):
1. Can attributes contain each other? Could 'postalCode' be inserted
into 'postalAddress' ?
2. Can one user have multiples of an attribute? For example, a
postalAddress for home and a postalAddress for office and a
postalAddress for deliveries? Or can they only have one of each attribute?
3. If users can have multiple of the same attribute, is there any way to
guarantee ordering between them, so in the context of a company employee
the office version of postalAddress is used first?
4. When mapping attributes to fields in the webui, is there any document
more useful than RFC2256 for understanding better the common usages of
many of these attributes?
5. With respect to FreeIPA v1, are any of these attributes about users
absolutely *required* in all or most usages? I understand a user's
particular policy may dictate different requirements, but for v1 are
there going to be a default set of requirements that can be customizable
in later versions? Or will the required fields always be customizable?
Thanks!
~m