[Freeipa-devel] Questions about LDAP Attribute Usage

Máirín Duffy duffy at redhat.com
Thu Aug 16 20:39:23 UTC 2007


Hey,

I've skimmed through RFC2256, but I'm still having trouble understanding 
how exactly some of the attributes in LDAP are actually used. For 
example:

"5.52. houseIdentifier This attribute is used to identify a building 
within a location."

That still doesn't illustrate its usage very well. If there was an 
example I think it would be more clear. For instance, if your street 
address is '123 Sesame Street' and the '123' was considered the 
houseIdentifier, that would make sense to me but I don't know if that is 
the intended usage of this attribute. Sometimes the attributes don't 
even have *that* much of an explanation:

"5.17. postalAddress
( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
      SUBSTR caseIgnoreListSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )"

Is the postalAddress supposed to be just the '123 Sesame Street' part? 
Or is it the whole 'Joe Smith, 123 Sesame Street, New York, NY 10001' 
text? If so, how is this information stored, all in one blob in the 
attribute?
Also, how would the postalAddress attribute interact with seemingly 
related attributes like 'postalCode' and 'postOfficeBox'? How does one 
deal with international postal addresses as well - are any special 
considerations needed here?

I also have some more general questions (I apologize for the n00bness of 
all these!):

1. Can attributes contain each other? Could 'postalCode' be inserted 
into 'postalAddress' ?

2. Can one user have multiples of an attribute? For example, a 
postalAddress for home and a postalAddress for office and a 
postalAddress for deliveries? Or can they only have one of each attribute?

3. If users can have multiple of the same attribute, is there any way to 
guarantee ordering between them, so in the context of a company employee 
the office version of postalAddress is used first?

4. When mapping attributes to fields in the webui, is there any document 
more useful than RFC2256 for understanding better the common usages of 
many of these attributes?

5. With respect to FreeIPA v1, are any of these attributes about users 
absolutely *required* in all or most usages? I understand a user's 
particular policy may dictate different requirements, but for v1 are 
there going to be a default set of requirements that can be customizable 
in later versions? Or will the required fields always be customizable?

Thanks!
~m
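
Added example, not part of the original post: the SYNTAX OID in the quoted definition (1.3.6.1.4.1.1466.115.121.1.41) is the LDAP Postal Address syntax, which stores the whole address as a single value made of lines separated by '$'. The sketch below assumes the RFC 4517 escaping rules ('\24' for a literal '$', '\5C' for a literal '\'); the function names are hypothetical and the sample address is the one from the post.

```python
import re

# Attribute type description exactly as quoted in the post (RFC 2256, 5.17).
POSTAL_ADDRESS_DEF = (
    "( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch "
    "SUBSTR caseIgnoreListSubstringsMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )"
)


def is_multi_valued(definition):
    """An attribute type is multi-valued unless it carries SINGLE-VALUE."""
    return "SINGLE-VALUE" not in definition.split()


def encode_postal_address(lines):
    """Join address lines with '$', escaping '\\' and '$' inside each line."""
    if not lines or any(line == "" for line in lines):
        raise ValueError("a postal address needs one or more non-empty lines")
    # Escape the backslash first so the escapes themselves are not re-escaped.
    escaped = [l.replace("\\", "\\5C").replace("$", "\\24") for l in lines]
    return "$".join(escaped)


def decode_postal_address(value):
    """Split on '$' (an escaped dollar never contains one) and unescape."""
    lines = []
    for raw in value.split("$"):
        # Reject empty lines and backslashes that start no valid escape.
        if raw == "" or re.search(r"\\(?!24|5[Cc])", raw):
            raise ValueError("malformed postal address line: %r" % raw)
        lines.append(re.sub(r"\\(24|5[Cc])",
                            lambda m: "$" if m.group(1) == "24" else "\\",
                            raw))
    return lines


if __name__ == "__main__":
    # Sample address taken from the post; one attribute value, three lines.
    stored = encode_postal_address(
        ["Joe Smith", "123 Sesame Street", "New York, NY 10001"])
    print(stored)
    print(decode_postal_address(stored))
    print("multi-valued:", is_multi_valued(POSTAL_ADDRESS_DEF))
```

Because the quoted definition has no SINGLE-VALUE keyword, an entry may hold several postalAddress values; LDAP treats them as an unordered set, so the directory itself does not rank one above another.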



