LDAP schema questions
Andrew Bartlett
abartlet at samba.org
Thu Jun 8 11:12:37 EDT 2006
On Thu, 2006-06-08 at 22:44 +1000, Luke Howard wrote:
> >> Having all the user's information in a single object will help in
> >> administration.
> >
> >I just don't buy this. And in any case, if there is the need to keep
> >these entries close to each other, why not put them 'under' the user in
> >the tree, ensuring they must be deleted with the user?
>
> There are cases whether either is useful. Using an auxiliary class gives
> you the flexibility to adopt either approach.
Yep. For the vast majority of cases, where a user only has one
principal, I would of course like to see it on the user's record. It is
the 'a user might have multiple principals, so we need this complex
attribute' thing that I don't buy.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20060608/fbfa9c7d/attachment.bin
More information about the krbdev
mailing list