
List:       ldap
Subject:    [ldap] newbie again: changing objectClass ?
From:       Zhang Weiwu <zhangweiwu () realss ! com>
Date:       2005-08-20 7:15:16
Message-ID: 4306D884.10903 () realss ! com

With schemacheck=on (yes I am using openldap, but should be the same in
other LDAP servers) it's not allowed to change objectClass for an entry.
I am writing an application that provides a UI for our company to access
the company's LDAP server:

Here is the question. Some document told me it makes little sense to
change objectClass, example: a company cannot change to a person. I
don't really understand all the documents about objectClass structure
(you can say I have a normal IQ). But in my application the objectClass
should be changed in these situations:

* The person changes from a normal contact to an employee (this happens
in recruitment). E.g. was: inetOrgPerson now I wish to add objectClass:
employee which is an object class defined by myself where employeeNumber
is MUST attribute, and I wish to add both (employeeNumber and new
objectClass) at one time;

* A contact person becomes an external commission-based employee and we
need to grant him access to our Intranet. He was inetOrgPerson now I
wish to add objectClass: posixAccount as well as uid/uidnumber/gid

How can my application handle these situations?

Option 1) when any entry gets created, always set all objectClasses for
him/her, e.g. every new entry belongs to inetOrgPerson, posixAccount,
employee with a dumb value (could be 'NULL') for employeeNumber, uid and
uidnumber etc; My application checks and does not display dumb values;

Option 2) turn off schemacheck and I check for attributes (to see if
they satisfy MUST/MAY) by my application logic rather than by LDAP server.

Both are not perfect. I might be asking stupid questions without deeply
understanding objectClass structure... But I'll be thankful for hints:)
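
The application-side MUST/MAY check mentioned in Option 2, sketched as an added example that is not part of the original message: it evaluates the entry as it would look after one modify that adds object classes and attributes together. The schema table is a constructed subset (inetOrgPerson and posixAccount per RFC 2798 and RFC 2307; "employee" is known only by the MUST attribute the post names), and `check_modify` and the sample entry are hypothetical.

```python
# Constructed schema subset for the three classes named in the post.
# The MAY lists are abbreviated; "employee" is the poster's own class.
SCHEMA = {
    "inetOrgPerson": {"must": {"cn", "sn"},
                      "may": {"mail", "telephoneNumber", "employeeNumber", "uid"}},
    "posixAccount": {"must": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
                     "may": {"loginShell", "gecos", "userPassword", "description"}},
    "employee": {"must": {"employeeNumber"}, "may": set()},
}


def _norm(names):
    # LDAP attribute and class names compare case-insensitively.
    return {n.lower() for n in names}


def check_modify(entry, add_classes, add_attrs):
    """Return (missing_must, not_allowed) for the entry as it would look
    after a single modify adding add_classes and add_attrs together."""
    classes = _norm(entry.get("objectClass", [])) | _norm(add_classes)
    unknown = classes - _norm(SCHEMA)
    if unknown:
        raise ValueError(f"object class not in schema table: {sorted(unknown)}")
    must, allowed = set(), {"objectclass"}
    for name, spec in SCHEMA.items():
        if name.lower() in classes:
            must |= _norm(spec["must"])
            allowed |= _norm(spec["must"]) | _norm(spec["may"])
    # Attributes with no values count as absent.
    present = {a.lower() for a, v in {**entry, **add_attrs}.items() if v}
    return sorted(must - present), sorted(present - allowed)


# Constructed sample entry: a plain contact before either change.
CONTACT = {"objectClass": ["inetOrgPerson"], "cn": ["Example Contact"],
           "sn": ["Contact"], "mail": ["contact@example.com"]}

if __name__ == "__main__":
    # Recruitment: class and its MUST attribute added in the same modify.
    print(check_modify(CONTACT, ["employee"], {"employeeNumber": ["1001"]}))
    # Intranet access with only uid/uidNumber/gidNumber supplied.
    print(check_modify(CONTACT, ["posixAccount"],
                       {"uid": ["contact"], "uidNumber": ["5001"], "gidNumber": ["5001"]}))
    # Attribute added without the class that permits it.
    print(check_modify(CONTACT, [], {"uidNumber": ["5001"]}))
```

A non-empty first list means the resulting entry would lack a MUST attribute; a non-empty second list means an attribute is present that none of the entry's classes permit.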
