[8574] in Info-AFS_Redistribution


Re: afs pts schema?

daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Mar 14 22:51:14 2001

To: info-afs@transarc.com
In-Reply-To: Marcus Watts's message of "Wed, 14 Mar 2001 16:41:19 -0500"
From: Russ Allbery <rra@stanford.edu>
Date: 14 Mar 2001 19:41:53 -0800
Message-ID: <yl66hbzoji.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Marcus Watts <mdw@umich.edu> writes:

> OpenLDAP tracks groups in groups by DN, so changing names
> is *real* painful.

The standard solution to this problem for any sort of directory-like
system is to just not use the user-visible name as a DN.  In general,
that's a good idea for a whole bunch of reasons; the properties that users
want in names quite frequently conflict with the properties of a system
unique identifier.

We use machine-generated unique IDs for DNs in our directory of people.
PTS already does something similar by using negative numbers for group
identifiers.

LDAP is good at being able to search and retrieve by things that aren't
the unique identifiers.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
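
An added illustration, not part of the original message or of any OpenLDAP or PTS code: a toy in-memory directory that counts how many entries a rename has to rewrite when the DN is built from the user-visible name versus from a machine-generated ID. The suffix, the `id=` naming attribute and all names and numbers are constructed.

```python
# Toy in-memory directory (constructed data): entries keyed by DN, and group
# membership, including groups in groups, stored as lists of member DNs.
SUFFIX = "dc=example,dc=org"  # assumed suffix

def by_name(name, ident):   # DN built from the user-visible name
    return f"cn={name},{SUFFIX}"

def by_id(name, ident):     # DN built from a machine-generated ID
    return f"id={ident},{SUFFIX}"

def build(dn_of):
    """Create the same people and groups under the given DN scheme."""
    rows = [("alice", "1001", []), ("bob", "1002", []),
            ("staff", "2001", ["alice", "bob"]),
            ("admins", "2002", ["alice"]),
            ("everyone", "2003", ["staff", "admins"])]
    ids = {name: ident for name, ident, _ in rows}
    return {dn_of(n, i): {"id": i, "name": n,
                          "member": [dn_of(m, ids[m]) for m in members]}
            for n, i, members in rows}

def search(directory, name):
    """Look an entry up by name, an attribute that need not be part of the DN."""
    return next(dn for dn, e in directory.items() if e["name"] == name)

def rename(directory, old, new, dn_of):
    """Rename an entry, fix references, return how many entries were written."""
    old_dn = search(directory, old)
    entry = directory.pop(old_dn)
    entry["name"] = new
    new_dn = dn_of(new, entry["id"])
    directory[new_dn] = entry
    writes = 1
    if new_dn != old_dn:  # DN changed: every referencing group must be rewritten
        for e in directory.values():
            if old_dn in e["member"]:
                e["member"] = [new_dn if m == old_dn else m for m in e["member"]]
                writes += 1
    return writes

def dangling(directory):
    """Member DNs that point at no existing entry."""
    return [m for e in directory.values() for m in e["member"] if m not in directory]

if __name__ == "__main__":
    for scheme in (by_name, by_id):
        d = build(scheme)
        print(scheme.__name__, rename(d, "alice", "alicia", scheme),
              rename(d, "staff", "employees", scheme), dangling(d))
```

With name-based DNs, a rename that misses any referencing group leaves a dangling member DN, which is where access-control drift creeps in; with ID-based DNs the membership lists never change.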
